CVE-2018-17566

top-think/think

on github

Published

September 26, 2018

Severity

CVSS v3:

9.8 CRITICAL

CVSS v2:

7.5 HIGH

Description

In ThinkPHP 5.1.24, the inner function delete can be used for SQL injection when its WHERE condition's value can be controlled by a user's request.

References

https://github.com/top-think/think/issues/858

Configurations

CPE23	Version Start	Version End	Exact Version
cpe:2.3:a:thinkphp:thinkphp:5.1.24:::::::*	n/a	n/a	5.1.24

External Links

NVD - CVE-2018-17566