CVE-2018-17566
on github
Published
Severity
CVSS v3:
9.8 CRITICAL
CVSS v2:
7.5 HIGH
Description
In ThinkPHP 5.1.24, the inner function delete can be used for SQL injection when its WHERE condition's value can be controlled by a user's request.
References
Configurations
CPE23 | Version Start | Version End | Exact Version |
---|---|---|---|
cpe:2.3:a:thinkphp:thinkphp:5.1.24:*:*:*:*:*:*:* | n/a | n/a | 5.1.24 |