CVSS: 10.0EPSS: 7%CPEs: 1EXPL: 1CVE-2022-47945
https://notcve.org/view.php?id=CVE-2022-47945
23 Dec 2022 — ThinkPHP Framework before 6.0.14 allows local file inclusion via the lang parameter when the language pack feature is enabled (lang_switch_on=true). An unauthenticated and remote attacker can exploit this to execute arbitrary operating system commands, as demonstrated by including pearcmd.php. • https://github.com/top-think/framework/commit/c4acb8b4001b98a0078eda25840d33e295a7f099 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.0EPSS: 0%CPEs: 2EXPL: 1CVE-2022-44289
https://notcve.org/view.php?id=CVE-2022-44289
06 Dec 2022 — Thinkphp 5.1.41 and 5.0.24 has a code logic error which causes file upload getshell. Thinkphp 5.1.41 y 5.0.24 tiene un error de lógica de código que provoca la carga del archivo getshell. • https://github.com/top-think/framework/issues/2772 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-23592 – Deserialization of Untrusted Data
https://notcve.org/view.php?id=CVE-2021-23592
06 May 2022 — The package topthink/framework before 6.0.12 are vulnerable to Deserialization of Untrusted Data due to insecure unserialize method in the Driver class. El paquete topthink/framework versiones anteriores a 6.0.12, es vulnerable a una Deserialización de Datos No Confiables debido al método no seguro unserialize en la clase Driver • https://github.com/top-think/framework/commit/d3b5aeae94bc71bae97977d05cd12c3e0550905c • CWE-502: Deserialization of Untrusted Data •
CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 1CVE-2022-25481
https://notcve.org/view.php?id=CVE-2022-25481
20 Mar 2022 — ThinkPHP Framework v5.0.24 was discovered to be configured without the PATHINFO parameter. This allows attackers to access all system environment parameters from index.php. NOTE: this is disputed by a third party because system environment exposure is an intended feature of the debugging mode. Se ha detectado que ThinkPHP Framework versión v5.0.24, estaba configurado sin el parámetro PATHINFO. Esto permite a atacantes acceder a todos los parámetros del entorno del sistema desde el archivo index.php • https://github.com/Lyther/VulnDiscover/blob/master/Web/ThinkPHP_InfoLeak.md • CWE-284: Improper Access Control CWE-668: Exposure of Resource to Wrong Sphere •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2021-44892
https://notcve.org/view.php?id=CVE-2021-44892
10 Feb 2022 — A Remote Code Execution (RCE) vulnerability exists in ThinkPHP 3.x.x via value[_filename] in index.php, which could let a malicious user obtain server control privileges. Se presenta una vulnerabilidad de ejecución de código remota (RCE) en ThinkPHP versión 3.x.x por medio de la función value[_filename] en el archivo index.php, que podría permitir a un usuario malicioso obtener privilegios de control del servidor • https://github.com/Stakcery/Web-Security/issues/1 •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2021-44350
https://notcve.org/view.php?id=CVE-2021-44350
15 Dec 2021 — SQL Injection vulnerability exists in ThinkPHP5 5.0.x <=5.1.22 via the parseOrder function in Builder.php. Se presenta una vulnerabilidad de inyección SQL en ThinkPHP5 versiones 5.0.x anteriores a 5.1.22 incluyéndola, por medio de la función parseOrder en el archivo Builder.php • https://github.com/top-think/framework/issues/2613 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2020-20120
https://notcve.org/view.php?id=CVE-2020-20120
28 Sep 2021 — ThinkPHP v3.2.3 and below contains a SQL injection vulnerability which is triggered when the array is not passed to the "where" and "query" methods. ThinkPHP versiones v3.2.3 y por debajo, contienen una vulnerabilidad de inyección SQL que es desencadenada cuando no se pasa el array a los métodos "where" y "query" • https://github.com/top-think/thinkphp/issues/553 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.3EPSS: 97%CPEs: 3EXPL: 6CVE-2019-9082 – ThinkPHP Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2019-9082
24 Feb 2019 — ThinkPHP before 3.2.4, as used in Open Source BMS v1.1.1 and other products, allows Remote Command Execution via public//?s=index/\think\app/invokefunction&function=call_user_func_array&vars[0]=system&vars[1][]= followed by the command. ThinkPHP, en versiones anteriores a la 3.2.4, tal y como se emplea en Open Source BMS v1.1.1 y otros productos, permite la ejecución remota de comandos mediante public//?s=index/\think\app/invokefunctionfunction=call_user_func_arrayvars[0]=systemvars[1][]=, seguido por el co... • https://packetstorm.news/files/id/151967 • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-306: Missing Authentication for Critical Function •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2018-18546
https://notcve.org/view.php?id=CVE-2018-18546
21 Oct 2018 — ThinkPHP 3.2.4 has SQL Injection via the order parameter because the Library/Think/Db/Driver.class.php parseOrder function mishandles the key variable. ThinkPHP 3.2.4 tiene una inyección SQL mediante el parámetro order debido a que la función parseOrder en Library/Think/Db/Driver.class.php gestiona de manera incorrecta la variable key. • https://98587329.github.io/2018/10/09/thinkphp%E6%B3%A8%E5%85%A5%E5%88%86%E6%9E%90 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2018-18529
https://notcve.org/view.php?id=CVE-2018-18529
19 Oct 2018 — ThinkPHP 3.2.4 has SQL Injection via the count parameter because the Library/Think/Db/Driver/Mysql.class.php parseKey function mishandles the key variable. NOTE: a backquote character is not required in the attack URI. ThinkPHP 3.2.4 tiene una inyección SQL mediante el parámetro count debido a que la función parseKey en Library/Think/Db/Driver/Mysql.class.php gestiona de manera incorrecta la variable key. NOTA: no se requiere un carácter de acento grave en el URI del ataque. • https://www.kingkk.com/2018/10/Thinkphp-%E8%81%9A%E5%90%88%E6%9F%A5%E8%AF%A2%E6%BC%8F%E6%B4%9E/#ThinkPHP3-lt-3-2-4 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •