Topthink Framework vulnerabilities
17 known vulnerabilities affecting topthink/framework.
Total CVEs: 17
CISA KEV: 0
Public exploits: 3
Exploited in wild: 3
Severity breakdown: CRITICAL 13, HIGH 3, MEDIUM 1
Vulnerabilities
CVE-2022-47945 | Priority: P1 | Severity: CRITICAL | Flags: Exploited, PoC | Affected: ≥ 0, < 6.0.14 | Date: 2022-12-23
Title: ThinkPHP Framework vulnerable to remote code execution (CWE-22)
Description: ThinkPHP Framework before 6.0.14 allows local file inclusion via the lang parameter when the language pack feature is enabled (`lang_switch_on=true`). An unauthenticated and remote attacker can exploit this to execute arbitrary operating system commands, as demonstrated by including `pearcmd.php`.
Sources: GHSA, OSV
CVE-2024-44902 | Priority: P1 | Severity: CRITICAL | Flags: Exploited, PoC | Affected: ≥ 6.1.3, ≤ 8.0.4 | Date: 2024-09-09
Title: ThinkPHP deserialization vulnerability (CWE-502)
Description: A deserialization vulnerability in Thinkphp v6.1.3 to v8.0.4 allows attackers to execute arbitrary code.
Sources: GHSA, OSV
CVE-2021-44892 | Priority: P1 | Severity: HIGH | Flags: Exploited | Affected: ≥ 0, ≤ 3.2.3 | Date: 2022-02-11
Title: ThinkPHP Remote Code Execution (RCE) vulnerability
Description: A Remote Code Execution (RCE) vulnerability exists in ThinkPHP 3.x.x via value[_filename] in index.php, which could let a malicious user obtain server control privileges.
Sources: GHSA, OSV
CVE-2022-25481 | Priority: P3 | Severity: HIGH | Flags: PoC | Affected: ≥ 0, ≤ 5.0.24 | Date: 2022-03-22
Title: Exposure of Resource to Wrong Sphere in ThinkPHP Framework (CWE-284)
Description: ThinkPHP Framework v5.0.24 was discovered to be configured without the PATHINFO parameter. This allows attackers to access all system environment parameters from index.php.
Sources: GHSA, OSV
CVE-2022-33107 | Priority: P2 | Severity: CRITICAL | Affected: ≥ 0, ≤ 6.0.12 | Date: 2022-06-30
Title: Deserialization of Untrusted Data in topthink/framework (CWE-502)
Description: ThinkPHP v6.0.12 was discovered to contain a deserialization vulnerability via the component vendor\league\flysystem-cached-adapter\src\Storage\AbstractCache.php. This vulnerability allows attackers to execute arbitrary code via a crafted payload.
Sources: GHSA, OSV
CVE-2022-38352 | Priority: P2 | Severity: CRITICAL | Affected: ≥ 0, ≤ 6.0.13 | Date: 2022-09-16
Title: ThinkPHP deserialization vulnerability (CWE-502)
Description: ThinkPHP v6.0.13 was discovered to contain a deserialization vulnerability via the component `League\Flysystem\Cached\Storage\Psr6Cache`. This vulnerability allows attackers to execute arbitrary code via a crafted payload.
Sources: GHSA, OSV
CVE-2025-50706 | Priority: P2 | Severity: CRITICAL | Affected: ≥ 0, ≤ 5.1.41 | Date: 2025-08-05
Title: ThinkPHP Path Traversal Vulnerability (CWE-22)
Description: An issue in ThinkPHP Framework v.5.1 allows a remote attacker to execute arbitrary code via the routecheck function.
Sources: GHSA, OSV
CVE-2018-16385 | Priority: P3 | Severity: CRITICAL | Affected: ≥ 0, < 5.1.23 | Date: 2022-05-14
Title: ThinkPHP SQL Injection vulnerability (CWE-89)
Description: ThinkPHP before 5.1.23 allows SQL Injection via the `public/index/index/test/index` query string.
Sources: GHSA, OSV
CVE-2021-23592 | Priority: P3 | Severity: CRITICAL | CVSS 9.8 | Affected: ≥ unspecified, < 6.0.12 | Date: 2022-05-06
CWE: CWE-502
Description: The package topthink/framework before 6.0.12 is vulnerable to Deserialization of Untrusted Data due to an insecure unserialize method in the Driver class.
Sources: GHSA, NVD, OSV
CVE-2022-44289 | Priority: P3 | Severity: HIGH | Affected: ≥ 0, ≤ 5.0.24; ≥ 5.1, ≤ 5.1.41 | Date: 2022-12-06
Title: Thinkphp has a code logic error (CWE-434)
Description: Thinkphp 5.1.41 and 5.0.24 have a code logic error that allows an attacker to obtain a shell through file upload (getshell).
Sources: GHSA, OSV
CVE-2021-44350 | Priority: P3 | Severity: CRITICAL | Affected: ≥ 5.0, ≤ 5.1.22 | Date: 2021-12-17
Title: ThinkPHP5 SQL Injection vulnerability (CWE-89)
Description: A SQL Injection vulnerability exists in ThinkPHP5 (5.0.x through 5.1.22) via the parseOrder function in Builder.php.
Sources: GHSA, OSV
CVE-2021-36567 | Priority: P3 | Severity: CRITICAL | Affected: ≥ 0, ≤ 6.0.8 | Date: 2021-12-07
Title: Deserialization of Untrusted Data in topthink/framework (CWE-502)
Description: ThinkPHP v6.0.8 was discovered to contain a deserialization vulnerability via the component League\Flysystem\Cached\Storage\AbstractCache.
Sources: GHSA, OSV
CVE-2021-36564 | Priority: P3 | Severity: CRITICAL | Affected: ≥ 0, < 6.0.9 | Date: 2021-12-10
Title: Deserialization of Untrusted Data in topthink/framework (CWE-502)
Description: ThinkPHP v6.0.8 was discovered to contain a deserialization vulnerability via the component vendor\league\flysystem-cached-adapter\src\Storage\Adapter.php.
Sources: GHSA, OSV
CVE-2018-18546 | Priority: P3 | Severity: CRITICAL | Affected: ≥ 0, ≤ 3.2.4 | Date: 2022-05-14
Title: ThinkPHP SQLi Vulnerability (CWE-89)
Description: ThinkPHP 3.2.4 has SQL Injection via the order parameter because the `Library/Think/Db/Driver.class.php` parseOrder function mishandles the key variable.
Sources: GHSA, OSV
CVE-2018-18530 | Priority: P3 | Severity: CRITICAL | Affected: ≥ 0, ≤ 5.1.25 | Date: 2022-05-14
Title: ThinkPHP SQLi Vulnerability (CWE-89)
Description: ThinkPHP 5.1.25 has SQL Injection via the count parameter because the library/think/db/Query.php aggregate function mishandles the aggregate variable. NOTE: a backquote character is required in the attack URI.
Sources: GHSA, OSV
CVE-2018-18529 | Priority: P3 | Severity: CRITICAL | Affected: ≥ 0, ≤ 3.2.4 | Date: 2022-05-14
Title: ThinkPHP SQLi Vulnerability (CWE-89)
Description: ThinkPHP 3.2.4 has SQL Injection via the count parameter because the `Library/Think/Db/Driver/Mysql.class.php` `parseKey` function mishandles the key variable. NOTE: a backquote character is not required in the attack URI.
Sources: GHSA, OSV
CVE-2024-34467 | Priority: P4 | Severity: MEDIUM | Affected: ≥ 8.0.0, < 8.0.4; ≥ 6.1.0, < 6.1.5; +1 more | Date: 2024-05-04
Title: ThinkPHP Cross-Site Scripting Vulnerability (CWE-79)
Description: ThinkPHP 8.0.3 allows remote attackers to exploit XSS due to inadequate filtering of function argument values in think_exception.tpl.
Sources: GHSA, OSV