topthink/framework Security Advisories (19)
-
[CRITICAL] ThinkPHP Path Traversal Vulnerability
PKSA-1h4d-g3yk-64z8 CVE-2025-50706 GHSA-mrwc-mvr8-9xq5
Affected version: <=5.1.41
Reported by:
GitHub -
[CRITICAL] ThinkPHP deserialization vulnerability
PKSA-wpgp-v5cy-4kds CVE-2024-44902 GHSA-f4wh-359g-4pq7
Affected version: >=6.1.3,<=8.0.4
Reported by:
GitHub -
[MEDIUM] ThinkPHP Cross-Site Scripting Vulnerability
PKSA-qzw1-yq5b-y8j5 CVE-2024-34467 GHSA-969f-v7jv-pgj3
Affected version: <6.0.17|>=6.1.0,<6.1.5|>=8.0.0,<8.0.4
Reported by:
GitHub -
[CRITICAL] ThinkPHP Framework vulnerable to remote code execution
PKSA-xv6g-qybq-hr8n CVE-2022-47945 GHSA-p4qr-vq2g-22wp
Affected version: <6.0.14
Reported by:
GitHub -
[HIGH] Thinkphp has a code logic error
PKSA-xkj5-9ynr-37y8 CVE-2022-44289 GHSA-59fh-rjq3-xq7j
Affected version: >=5.1,<=5.1.41|<=5.0.24
Reported by:
GitHub -
[CRITICAL] ThinkPHP deserialization vulnerability
PKSA-jgyf-23n6-ght5 CVE-2022-38352 GHSA-qjjj-7g7h-54v3
Affected version: <=6.0.13
Reported by:
GitHub -
[CRITICAL] Deserialization of Untrusted Data in topthink/framework
PKSA-vy17-3bc7-3v46 CVE-2022-33107 GHSA-g377-x8rg-c9mf
Affected version: <=6.0.12
Reported by:
GitHub -
[CRITICAL] thinkphp SQL Injection via the index.php s parameter
PKSA-54y9-n5rh-sxfq CVE-2018-10225 GHSA-xvhr-7q4q-qjgp
Affected version: =3.1.3
Reported by:
GitHub -
[CRITICAL] ThinkPHP SQL Injection vulnerability
PKSA-2x1t-vd8w-6n55 CVE-2018-16385 GHSA-vcm7-88jx-3r39
Affected version: <5.1.23
Reported by:
GitHub -
[CRITICAL] ThinkPHP SQL injection vulnerability
PKSA-xjhx-vx6k-r2d7 CVE-2018-17566 GHSA-75fm-52mm-q5rm
Affected version: =5.1.24
Reported by:
GitHub -
[CRITICAL] ThinkPHP SQLi Vulnerability
PKSA-bqq2-g2f2-zn8p CVE-2018-18530 GHSA-7xfj-4jpg-58vf
Affected version: <=5.1.25
Reported by:
GitHub -
[CRITICAL] ThinkPHP SQLi Vulnerability
PKSA-8bn1-3j52-x55x CVE-2018-18529 GHSA-78q9-24gv-g288
Affected version: <=3.2.4
Reported by:
GitHub -
[CRITICAL] ThinkPHP SQLi Vulnerability
PKSA-1n1q-y2rr-cnxm CVE-2018-18546 GHSA-j7g8-3qqg-8cvm
Affected version: <=3.2.4
Reported by:
GitHub -
[CRITICAL] Deserialization of Untrusted Data in topthink/framework
PKSA-spt2-xb1y-b6nn CVE-2021-23592 GHSA-3fpv-54ff-wqfj
Affected version: <6.0.12
Reported by:
GitHub -
[HIGH] Exposure of Resource to Wrong Sphere in ThinkPHP Framework
PKSA-93ch-nz5g-swgx CVE-2022-25481 GHSA-69wp-xwm7-69wm
Affected version: <=5.0.24
Reported by:
GitHub -
[HIGH] ThinkPHP Remote Code Execution (RCE) vulnerability
PKSA-vg29-jdjq-wr5m CVE-2021-44892 GHSA-75jp-87w2-c6x2
Affected version: <=3.2.3
Reported by:
GitHub -
[CRITICAL] ThinkPHP5 SQL Injection vulnerability
PKSA-kw5d-25d5-cxh2 CVE-2021-44350 GHSA-q868-c4vw-qjx3
Affected version: >=5.0,<=5.1.22
Reported by:
GitHub -
[CRITICAL] Deserialization of Untrusted Data in topthink/framework
PKSA-4nmg-mnm5-bhxt CVE-2021-36564 GHSA-33gc-6cw9-w3g4
Affected version: <6.0.9
Reported by:
GitHub -
[CRITICAL] Deserialization of Untrusted Data in topthink/framework
PKSA-hjvd-97t3-2cwk CVE-2021-36567 GHSA-qrvj-274h-hfcg
Affected version: <=6.0.8
Reported by:
GitHub