Packagist (Composer) package
topthink/thinkphp
pkg:composer/topthink/thinkphp
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-48112 | — | >= 6.1.3, <= 8.0.4 | — | Oct 30, 2024 | A deserialization vulnerability in the component \controller\Index.php of Thinkphp v6.1.3 to v8.0.4 allows attackers to execute arbitrary code. | ||
| CVE-2020-20120 | — | <= 3.2.3 | — | Sep 28, 2021 | ThinkPHP v3.2.3 and below contains a SQL injection vulnerability which is triggered when the array is not passed to the "where" and "query" methods. |
- CVE-2024-48112Oct 30, 2024affected >= 6.1.3, <= 8.0.4
A deserialization vulnerability in the component \controller\Index.php of Thinkphp v6.1.3 to v8.0.4 allows attackers to execute arbitrary code.
- CVE-2020-20120Sep 28, 2021affected <= 3.2.3
ThinkPHP v3.2.3 and below contains a SQL injection vulnerability which is triggered when the array is not passed to the "where" and "query" methods.