821 matches found
CVE-2018-18530
ThinkPHP 5.1.25 has SQL Injection via the count parameter because the library/think/db/Query.php aggregate function mishandles the aggregate variable. NOTE: a backquote character is required in the attack URI...
CVE-2018-18529
ThinkPHP 3.2.4 has SQL Injection via the count parameter because the Library/Think/Db/Driver/Mysql.class.php parseKey function mishandles the key variable. NOTE: a backquote character is not required in the attack URI...
CVE-2018-18530
ThinkPHP 5.1.25 contains a SQL Injection via the count parameter caused by mishandling of the aggregate variable in library/think/db/Query.php. The flaw enables injection with a backquote character in the attack URI. Affected product: ThinkPHP (PHP framework); root cause: aggregate handling in Qu...
CVE-2018-18529
ThinkPHP 3.2.4 is affected by an SQL injection in the count parameter due to the parseKey function in Library/Think/Db/Driver/Mysql.class.php mishandling the key variable. This is documented across multiple sources (NVD, Red Hat, GHSA, CNVD, osv) and consistently references the same root cause. T...
SQL Injection Vulnerability in LFCMS v3.8.6
LFCMS is a film and television content management system developed in PHP and based on the ThinkPHP framework, suitable for all kinds of video, film and television websites. LFCMS v3.8.6 has an SQL injection vulnerability that stems from the failure to filter pid parameters; attackers ca...
ThinkPHP SQL Injection Vulnerability (CNVD-2018-20227)
ThinkPHP is an open source, lightweight PHP-based web application development framework. A SQL injection vulnerability exists in the 'delete' function in ThinkPHP version 5.1.24. A remote attacker can exploit this vulnerability by controlling the value of the query parameter to delete a user...
CVE-2018-17566
In ThinkPHP 5.1.24, the inner function delete can be used for SQL injection when its WHERE condition's value can be controlled by a user's request...
SQL Injection
In ThinkPHP 5.1.24, the inner function delete can be used for SQL injection when its WHERE condition's value can be controlled by a user's request...
CVE-2018-17566
In ThinkPHP 5.1.24, the inner function delete is vulnerable to SQL injection when the WHERE condition value can be controlled by a user, enabling attackers to alter queries. The CVE-2018-17566 entry is supported by multiple sources (e.g., GHSA/CNVD/NVD) and notes the vulnerability stems from the ...
Design/Logic Flaw
Gxlcms 1.0 has XSS via the PATHINFO to gx/lib/ThinkPHP/Tpl/ThinkException.tpl.php...
SQL Injection
ThinkPHP is vulnerable to SQL injection. A remote attacker is able to inject arbitrary SQL commands through the public/index/index/test/index query string...
SQL Injection
ThinkPHP before 5.1.23 allows SQL Injection via the public/index/index/test/index query string...
CVE-2018-16385
ThinkPHP before 5.1.23 allows SQL Injection via the public/index/index/test/index query string...
CVE-2018-16385
ThinkPHP (PHP framework) is vulnerable to SQL injection in all versions before 5.1.23. The flaw allows a remote attacker to inject SQL via the public/index/index/test/index query string, potentially compromising database integrity and confidentiality. Affected product/version: ThinkPHP prior to 5...
ThinkPHP SQL Injection Vulnerability (CNVD-2019-17159)
ThinkPHP is an open source, lightweight PHP-based web application development framework. A SQL injection vulnerability exists in ThinkPHP versions prior to 5.1.23. The vulnerability stems from the program not correctly filtering the key value of an array, which can be exploited by a remote attack...