CVE-2025-63888

The read function in file thinkphp\library\think\template\driver\File.php in ThinkPHP 5.0.24 contains a remote code execution vulnerability...

CVE-2022-38352

ThinkPHP v6.0.13 was discovered to contain a deserialization vulnerability via the component League\Flysystem\Cached\Storage\Psr6Cache. This vulnerability allows attackers to execute arbitrary code via a crafted payload...

CVE-2020-20120

ThinkPHP v3.2.3 and below contains a SQL injection vulnerability which is triggered when the array is not passed to the "where" and "query" methods...

CVE-2024-34467

ThinkPHP 8.0.3 allows remote attackers to exploit XSS due to inadequate filtering of function argument values in thinkexception.tpl...

CVE-2022-44289

Thinkphp 5.1.41 and 5.0.24 has a code logic error which causes file upload getshell...

Directory Traversal Vulnerability in ThinkAdmin v6

ThinkAdmin is a backend management framework based on the latest ThinkPHP V6 development, open source using the MIT protocol. ThinkAdmin v6 has a directory traversal vulnerability. Attackers can use the vulnerability through the POST request rules parameter to exploit the vulnerability to read...

CVE-2018-10225

thinkphp 3.1.3 has SQL Injection via the index.php s parameter...

Code execution vulnerability in AddonsController.class.php file in backend of Thunderwind Movie CMS v3.3.4

Thunderwind Movie CMS is a PHP based THINKPHP3.2.3 framework development, suitable for all kinds of video, film and television websites, film and television content management program. A code execution vulnerability exists in the AddonsController.class.php file in the backend of Thunderwind CMS...