CVE-2018-10225
Description
thinkphp 3.1.3 has SQL Injection via the index.php s parameter.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
ThinkPHP 3.1.3 SQL injection via index.php s parameter allows unauthenticated attackers to execute arbitrary SQL queries.
Vulnerability
ThinkPHP version 3.1.3 contains a SQL injection vulnerability in the s parameter of index.php. The application fails to properly sanitize user input before incorporating it into SQL queries. No special configuration is required; the default installation is affected.
Exploitation
An unauthenticated attacker can send a request to index.php with a crafted s parameter. By injecting SQL syntax, the attacker can manipulate the underlying database query. No authentication or special privileges are needed.
Impact
Successful exploitation allows the attacker to execute arbitrary SQL statements, potentially leading to data exfiltration, modification, or deletion. The attacker can gain unauthorized access to sensitive information stored in the database, such as user credentials and application data.
Mitigation
As of the available references [1], no official patch or updated version has been released for ThinkPHP 3.1.3. Users should upgrade to a later supported version of ThinkPHP, such as 5.0 or later, which includes proper input validation. If upgrading is not possible, implement input sanitization and use parameterized queries.
AI Insight generated on May 22, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- ghsa-coords
Patches
No patches discovered yet.
References
- github.com/advisories/GHSA-xvhr-7q4q-qjgp (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2018-10225 (ghsa, ADVISORY)
- www.blcat.cn/post-39.html (ghsa, x_refsource_MISC, WEB)