CVE-2021-44350
Description
SQL Injection vulnerability exists in ThinkPHP5 5.0.x <=5.1.22 via the parseOrder function in Builder.php.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
SQL injection in ThinkPHP5 5.0.x through 5.1.22: parseOrder() in Builder.php concatenates keys of a user-controlled order array into the ORDER BY clause, allowing error-based data extraction from the application's database.
Vulnerability
ThinkPHP5 versions 5.0.x through 5.1.22 contain a SQL injection vulnerability in the parseOrder method of the Builder class (Builder.php). When application code passes user-controlled data to the query builder's order method, parseOrder concatenates the supplied keys into the ORDER BY clause without validating that each one is a column name, so an expression supplied as an array key reaches the SQL string as-is [1][3].
Exploitation
An attacker can exploit this by sending a crafted HTTP request in which the parameter the application feeds to the order method carries the payload as an array key, for example ?name[name^updatexml(1,concat(0x7,user(),0x7e),1)%23]=1. PHP turns the bracketed part into an array key, parseOrder concatenates it into ORDER BY, updatexml() raises an XPath error whose message echoes user() back to the client, and %23 (#) comments out the remainder of the statement. No authentication is required beyond whatever the affected endpoint itself enforces; the precondition is that the application passes request data to the order method [3].
Impact
Successful exploitation lets the attacker run SQL in the context of the application's database account: disclosure of data through error-based extraction as in the payload above and, where the database account and query context permit, modification or deletion. Extracted data can include user credentials and other sensitive records [3].
Mitigation
The vulnerability is fixed in ThinkPHP 5.1.23 and later; note that the GitHub Security Advisory entry in the table below lists no patched version, so verify the fix against the project's release history before relying on the version number. Upgrade to a patched version. As a workaround, never pass request data to the order method directly. Parameterized queries do not help here, because ORDER BY takes column identifiers, which cannot be bound as query parameters; instead map the user-supplied sort key onto an explicit allow-list of column names and the direction onto ASC or DESC, and reject anything else [1][3].
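The exploitation path above and the allow-list workaround under Mitigation, as an added PHP example that is not ThinkPHP's own code: a deliberately simplified model of an ORDER BY builder in which array keys that are not plain identifiers pass through unquoted, beside a hardened builder that accepts only allow-listed columns. The function names (buildOrderUnsafe, buildOrderSafe, quoteIdentifier), the table and column names and the simplified quoting rule are assumptions made for this demonstration; only the request payload comes from the advisory text.

```php
<?php
// Added example, not ThinkPHP's code: models the unsafe pattern (array keys
// of a user-controlled order array concatenated into ORDER BY) next to an
// allow-list based builder. Helper names, table/column names and the quoting
// rule are assumptions for this demonstration.

declare(strict_types=1);

/**
 * Wrap a plain identifier in backticks. Anything else is returned verbatim,
 * which is the simplified stand-in for the behaviour that makes the unsafe
 * builder exploitable (assumption: not the framework's own key handling).
 */
function quoteIdentifier(string $key): string
{
    if (preg_match('/^[A-Za-z_][A-Za-z0-9_]*$/', $key)) {
        return '`' . $key . '`';
    }
    return $key; // passed through untouched: the injection point
}

/**
 * Unsafe pattern: array keys from user input become ORDER BY terms.
 * ['name' => 'desc'] -> " ORDER BY `name` DESC"
 */
function buildOrderUnsafe(array $order): string
{
    $parts = [];
    foreach ($order as $key => $val) {
        $sort = strtoupper((string) $val);
        $sort = in_array($sort, ['ASC', 'DESC'], true) ? ' ' . $sort : '';
        $parts[] = quoteIdentifier((string) $key) . $sort;
    }
    return $parts === [] ? '' : ' ORDER BY ' . implode(',', $parts);
}

/**
 * Hardened pattern: map user-supplied sort keys onto an explicit allow-list
 * of column names and the direction onto ASC/DESC; reject everything else
 * instead of concatenating it. Identifiers cannot be bound as parameters,
 * so this allow-list is the control, not a prepared statement.
 */
function buildOrderSafe(array $order, array $allowedColumns): string
{
    $parts = [];
    foreach ($order as $key => $val) {
        if (!in_array((string) $key, $allowedColumns, true)) {
            throw new InvalidArgumentException('unsupported sort column: ' . $key);
        }
        $sort = strtoupper((string) $val);
        if (!in_array($sort, ['ASC', 'DESC'], true)) {
            throw new InvalidArgumentException('unsupported sort direction: ' . $val);
        }
        $parts[] = '`' . $key . '` ' . $sort;
    }
    return $parts === [] ? '' : ' ORDER BY ' . implode(',', $parts);
}

// Constructed input: the array PHP builds from the advisory's request
// ?name[name^updatexml(1,concat(0x7,user(),0x7e),1)%23]=1
$attackerOrder = ['name^updatexml(1,concat(0x7,user(),0x7e),1)#' => '1'];
$benignOrder   = ['name' => 'desc'];
$allowed       = ['id', 'name']; // assumed sortable columns of table `user`
$base          = 'SELECT * FROM `user`';

echo "benign, unsafe builder:   ", $base . buildOrderUnsafe($benignOrder), PHP_EOL;
echo "attacker, unsafe builder: ", $base . buildOrderUnsafe($attackerOrder), PHP_EOL;
// The second line ends in "ORDER BY name^updatexml(...)#": updatexml()
// raises an XPath error that leaks user(), and '#' comments out the rest.

echo "benign, safe builder:     ", $base . buildOrderSafe($benignOrder, $allowed), PHP_EOL;
try {
    buildOrderSafe($attackerOrder, $allowed);
} catch (InvalidArgumentException $e) {
    echo "attacker, safe builder:   rejected (", $e->getMessage(), ")", PHP_EOL;
}
```

Run with the php CLI. The safe builder fails closed: an unknown column or direction raises rather than silently dropping the sort, which keeps the rejection visible in application logs and makes the allow-list the single place to extend when a new sortable column is added.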
AI Insight generated on May 21, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Ecosystem | Affected versions | Patched versions |
|---|---|---|---|
| topthink/framework | Packagist | >= 5.0, <= 5.1.22 | — |
Affected products
- ThinkPHP5 / ThinkPHP5
Patches
No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
- github.com/advisories/GHSA-q868-c4vw-qjx3 (GHSA advisory)
- nvd.nist.gov/vuln/detail/CVE-2021-44350 (NVD advisory)
- github.com/top-think/framework/issues/2613 (upstream issue report)
News mentions
No linked articles in our index yet.