Critical severityNVD Advisory· Published Sep 28, 2021· Updated Aug 4, 2024
CVE-2020-20120
CVE-2020-20120
Description
ThinkPHP v3.2.3 and below contains a SQL injection vulnerability which is triggered when the array is not passed to the "where" and "query" methods.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
topthink/thinkphpPackagist | <= 3.2.3 | — |
Affected products
2- ThinkPHP/ThinkPHPdescription
Patches
Vulnerability mechanics
References
3- github.com/advisories/GHSA-m7h5-fjjq-559fghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2020-20120ghsaADVISORY
- github.com/top-think/thinkphp/issues/553ghsax_refsource_MISCWEB
News mentions
0No linked articles in our index yet.