Vulnerabilities > Thinkphp > High

DATE CVE VULNERABILITY TITLE RISK
2022-12-06 CVE-2022-44289 Unrestricted Upload of File with Dangerous Type vulnerability in Thinkphp 5.0.24/5.1.41
ThinkPHP 5.1.41 and 5.0.24 have a code logic error that allows getshell via file upload.
network
low complexity
thinkphp CWE-434
8.8
2022-06-29 CVE-2022-33107 Deserialization of Untrusted Data vulnerability in Thinkphp 6.0.12
ThinkPHP v6.0.12 was discovered to contain a deserialization vulnerability via the component vendor\league\flysystem-cached-adapter\src\Storage\AbstractCache.php.
network
low complexity
thinkphp CWE-502
7.5
2022-05-06 CVE-2021-23592 Deserialization of Untrusted Data vulnerability in Thinkphp
The package topthink/framework before 6.0.12 is vulnerable to Deserialization of Untrusted Data due to an insecure unserialize method in the Driver class.
network
low complexity
thinkphp CWE-502
7.5
2022-03-21 CVE-2022-25481 Exposure of Resource to Wrong Sphere vulnerability in Thinkphp 5.0.24
ThinkPHP Framework v5.0.24 was discovered to be configured without the PATHINFO parameter.
network
low complexity
thinkphp CWE-668
7.5
2021-12-15 CVE-2021-44350 SQL Injection vulnerability in Thinkphp
A SQL injection vulnerability exists in ThinkPHP5 5.0.x <=5.1.22 via the parseOrder function in Builder.php.
network
low complexity
thinkphp CWE-89
7.5
2021-12-06 CVE-2021-36564 Deserialization of Untrusted Data vulnerability in Thinkphp 6.0.8
ThinkPHP v6.0.8 was discovered to contain a deserialization vulnerability via the component vendor\league\flysystem-cached-adapter\src\Storage\Adapter.php.
network
low complexity
thinkphp CWE-502
7.5
2021-09-28 CVE-2020-20120 SQL Injection vulnerability in Thinkphp 3.1.3/3.2.3
ThinkPHP v3.2.3 and below contains a SQL injection vulnerability which is triggered when the array is not passed to the "where" and "query" methods.
network
low complexity
thinkphp CWE-89
7.5
2018-10-21 CVE-2018-18546 SQL Injection vulnerability in Thinkphp 3.2.4
ThinkPHP 3.2.4 has SQL Injection via the order parameter because the Library/Think/Db/Driver.class.php parseOrder function mishandles the key variable.
network
low complexity
thinkphp CWE-89
7.5
2018-10-19 CVE-2018-18530 SQL Injection vulnerability in Thinkphp 5.1.25
ThinkPHP 5.1.25 has SQL Injection via the count parameter because the library/think/db/Query.php aggregate function mishandles the aggregate variable.
network
low complexity
thinkphp CWE-89
7.5
2018-10-19 CVE-2018-18529 SQL Injection vulnerability in Thinkphp 3.2.4
ThinkPHP 3.2.4 has SQL Injection via the count parameter because the Library/Think/Db/Driver/Mysql.class.php parseKey function mishandles the key variable.
network
low complexity
thinkphp CWE-89
7.5