top-think/thinkphp

Releases9

Frequency9 months 8 hours

Last Release over 7 years ago

Stars2.9K

ThinkPHP3.2 ——基于PHP5的简单快速的面向对象的PHP框架

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2020-20120 ↗	Sep 28, 2021Tuesday, 28 September 2021, 23:15	9.8 CRITICAL	7.5 HIGH
ThinkPHP v3.2.3 and below contains a SQL injection vulnerability which is triggered when the array is not passed to the "where" and "query" methods.
CVE-2018-18546 ↗	Oct 21, 2018Sunday, 21 October 2018, 01:29	—	7.5 HIGH
ThinkPHP 3.2.4 has SQL Injection via the order parameter because the Library/Think/Db/Driver.class.php parseOrder function mishandles the key variable.