Critical severity9.8NVD Advisory· Published Feb 1, 2021· Updated Jun 17, 2026
CVE-2020-21176
CVE-2020-21176
Description
SQL injection vulnerability in the model.increment and model.decrement function in ThinkJS 3.2.10 allows remote attackers to execute arbitrary SQL commands via the step parameter.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
thinkjsnpm | <= 3.2.14 | — |
Affected products
2- ThinkJS/ThinkJSdescription
Patches
Vulnerability mechanics
References
4- blog.jiguang.xyz/posts/thinkjs-sql-injection/nvdExploitThird Party Advisory
- github.com/advisories/GHSA-q5mq-6fjg-4mw8ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2020-21176ghsaADVISORY
- blog.jiguang.xyz/posts/thinkjs-sql-injectionghsaWEB
News mentions
0No linked articles in our index yet.