ReportizFlow
Filtered by vendor Thinkphp
Subscriptions
Total
26 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-18530 | 1 Thinkphp | 1 Thinkphp | 2024-11-21 | N/A |
| ThinkPHP 5.1.25 has SQL Injection via the count parameter because the library/think/db/Query.php aggregate function mishandles the aggregate variable. NOTE: a backquote character is required in the attack URI. | ||||
| CVE-2018-18529 | 1 Thinkphp | 1 Thinkphp | 2024-11-21 | N/A |
| ThinkPHP 3.2.4 has SQL Injection via the count parameter because the Library/Think/Db/Driver/Mysql.class.php parseKey function mishandles the key variable. NOTE: a backquote character is not required in the attack URI. | ||||
| CVE-2018-17566 | 1 Thinkphp | 1 Thinkphp | 2024-11-21 | N/A |
| In ThinkPHP 5.1.24, the inner function delete can be used for SQL injection when its WHERE condition's value can be controlled by a user's request. | ||||
| CVE-2018-16385 | 1 Thinkphp | 1 Thinkphp | 2024-11-21 | N/A |
| ThinkPHP before 5.1.23 allows SQL Injection via the public/index/index/test/index query string. | ||||
| CVE-2018-10225 | 1 Thinkphp | 1 Thinkphp | 2024-11-21 | N/A |
| thinkphp 3.1.3 has SQL Injection via the index.php s parameter. | ||||
| CVE-2024-44902 | 1 Thinkphp | 1 Thinkphp | 2024-09-20 | 9.8 Critical |
| A deserialization vulnerability in Thinkphp v6.1.3 to v8.0.4 allows attackers to execute arbitrary code. | ||||