VYPR

Packagist (Composer) package

topthink/thinkphp

pkg:composer/topthink/thinkphp

Vulnerabilities (2)

  • CVE-2024-48112Oct 30, 2024
    affected >= 6.1.3, <= 8.0.4

    A deserialization vulnerability in the component \controller\Index.php of Thinkphp v6.1.3 to v8.0.4 allows attackers to execute arbitrary code.

  • CVE-2020-20120Sep 28, 2021
    affected <= 3.2.3

    ThinkPHP v3.2.3 and below contains a SQL injection vulnerability which is triggered when the array is not passed to the "where" and "query" methods.