cvebase

Topthink Framework vulnerabilities

17 known vulnerabilities affecting topthink/framework.

Total CVEs: 17
CISA KEV: 0
Public exploits: 3
Exploited in the wild: 3
Severity breakdown: CRITICAL 13, HIGH 3, MEDIUM 1

Vulnerabilities

CVE-2022-47945 | P1 | CRITICAL | Exploited in the wild, public PoC | Affected: ≥ 0, < 6.0.14 | Date: 2022-12-23
CWE-22: ThinkPHP Framework vulnerable to remote code execution
ThinkPHP Framework before 6.0.14 allows local file inclusion via the lang parameter when the language pack feature is enabled (`lang_switch_on=true`). An unauthenticated remote attacker can exploit this to execute arbitrary operating system commands, as demonstrated by including `pearcmd.php`.
Sources: GHSA, OSV
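The lang-parameter abuse described for CVE-2022-47945 leaves a recognisable trace in web-server access logs. The following Python is an added example, not cvebase tooling or ThinkPHP code: it parses combined-format access log lines and flags any `lang` value that carries a traversal sequence, an absolute path, a reference to pearcmd, or simply does not look like a language-pack name. The log format, the sample lines, the locale allowlist pattern and the `fully_decode` helper are all constructed assumptions; whether the target actually has `lang_switch_on=true` still has to be checked in the application config.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Combined log format (assumed): client, identity, user, [timestamp], "request", status, bytes.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) (?P<proto>\S+)" (?P<status>\d{3}) (?P<size>\S+)'
)

# What a legitimate language-pack name looks like ("en", "zh-cn", "en_US"); assumed allowlist.
LOCALE_RE = re.compile(r'^[A-Za-z]{2,3}([_-][A-Za-z]{2,8})?$')


def fully_decode(value, rounds=3):
    """Undo repeated percent-encoding so that "..%252F" is inspected as "../"."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def classify_lang(value):
    """Return the reasons a lang value looks like a CVE-2022-47945 probe; [] if it looks benign."""
    v = fully_decode(value)
    reasons = []
    if '..' in v:
        reasons.append('path traversal')
    if 'pearcmd' in v.lower():
        reasons.append('pearcmd.php include')
    if v.startswith('/') or re.match(r'^[A-Za-z]:[\\/]', v):
        reasons.append('absolute path')
    if not LOCALE_RE.match(v):
        reasons.append('value outside locale allowlist')
    return reasons


def scan(lines):
    """Return one hit per suspicious lang value found in the given access-log lines."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        query = urlsplit(m['target']).query
        for val in parse_qs(query, keep_blank_values=True).get('lang', []):
            reasons = classify_lang(val)
            if reasons:
                hits.append({'ip': m['ip'], 'ts': m['ts'], 'target': m['target'],
                             'lang': val, 'reasons': reasons})
    return hits


# Constructed sample lines (not real traffic): one benign locale switch, one pearcmd probe,
# one double-encoded traversal, one unrelated request.
SAMPLE_LOG = [
    '203.0.113.5 - - [23/Dec/2022:10:00:01 +0000] "GET /index.php?lang=zh-cn HTTP/1.1" 200 512',
    '203.0.113.5 - - [23/Dec/2022:10:00:02 +0000] '
    '"GET /index.php?lang=../../../../../../usr/local/lib/php/pearcmd HTTP/1.1" 200 1834',
    '198.51.100.7 - - [23/Dec/2022:10:05:17 +0000] '
    '"GET /index.php?lang=..%252F..%252F..%252Fetc%252Fpasswd HTTP/1.1" 500 0',
    '192.0.2.9 - - [23/Dec/2022:10:06:00 +0000] "POST /index.php/user/login HTTP/1.1" 302 0',
]

if __name__ == '__main__':
    for hit in scan(SAMPLE_LOG):
        print(hit['ts'], hit['ip'], hit['lang'], ', '.join(hit['reasons']))
```

A benign `lang=zh-cn` produces no hit; the pearcmd probe is reported for traversal and the pearcmd reference, and the double-encoded request is still caught because the value is decoded until it stops changing before inspection.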
CVE-2024-44902 | P1 | CRITICAL | Exploited in the wild, public PoC | Affected: ≥ 6.1.3, ≤ 8.0.4 | Date: 2024-09-09
CWE-502: ThinkPHP deserialization vulnerability
A deserialization vulnerability in ThinkPHP v6.1.3 through v8.0.4 allows attackers to execute arbitrary code.
Sources: GHSA, OSV
CVE-2021-44892 | P1 | HIGH | Exploited in the wild | Affected: ≥ 0, ≤ 3.2.3 | Date: 2022-02-11
ThinkPHP Remote Code Execution (RCE) vulnerability
A remote code execution (RCE) vulnerability exists in ThinkPHP 3.x.x via value[_filename] in index.php, which could let a malicious user obtain control of the server.
Sources: GHSA, OSV
CVE-2022-25481 | P3 | HIGH | Public PoC | Affected: ≥ 0, ≤ 5.0.24 | Date: 2022-03-22
CWE-284: Exposure of Resource to Wrong Sphere in ThinkPHP Framework
ThinkPHP Framework v5.0.24 was discovered to be configured without the PATHINFO parameter, which allows attackers to access all system environment parameters from index.php.
Sources: GHSA, OSV
CVE-2022-33107 | P2 | CRITICAL | Affected: ≥ 0, ≤ 6.0.12 | Date: 2022-06-30
CWE-502: Deserialization of Untrusted Data in topthink/framework
ThinkPHP v6.0.12 was discovered to contain a deserialization vulnerability via the component vendor\league\flysystem-cached-adapter\src\Storage\AbstractCache.php. This vulnerability allows attackers to execute arbitrary code via a crafted payload.
Sources: GHSA, OSV
CVE-2022-38352 | P2 | CRITICAL | Affected: ≥ 0, ≤ 6.0.13 | Date: 2022-09-16
CWE-502: ThinkPHP deserialization vulnerability
ThinkPHP v6.0.13 was discovered to contain a deserialization vulnerability via the component `League\Flysystem\Cached\Storage\Psr6Cache`. This vulnerability allows attackers to execute arbitrary code via a crafted payload.
Sources: GHSA, OSV
CVE-2025-50706 | P2 | CRITICAL | Affected: ≥ 0, ≤ 5.1.41 | Date: 2025-08-05
CWE-22: ThinkPHP Path Traversal Vulnerability
An issue in ThinkPHP Framework v5.1 allows a remote attacker to execute arbitrary code via the routecheck function.
Sources: GHSA, OSV
CVE-2018-16385 | P3 | CRITICAL | Affected: ≥ 0, < 5.1.23 | Date: 2022-05-14
CWE-89: ThinkPHP SQL Injection vulnerability
ThinkPHP before 5.1.23 allows SQL injection via the `public/index/index/test/index` query string.
Sources: GHSA, OSV
CVE-2021-23592 | P3 | CRITICAL | CVSS 9.8 | Affected: < 6.0.12 | Date: 2022-05-06
CWE-502: topthink/framework before 6.0.12 is vulnerable to Deserialization of Untrusted Data
The package topthink/framework before 6.0.12 is vulnerable to Deserialization of Untrusted Data due to an insecure unserialize method in the Driver class.
Sources: GHSA, NVD, OSV
CVE-2022-44289 | P3 | HIGH | Affected: ≥ 0, ≤ 5.0.24 and ≥ 5.1, ≤ 5.1.41 | Date: 2022-12-06
CWE-434: ThinkPHP has a code logic error
ThinkPHP 5.1.41 and 5.0.24 have a code logic error that allows a file upload to be turned into a web shell ("getshell").
Sources: GHSA, OSV
CVE-2021-44350 | P3 | CRITICAL | Affected: ≥ 5.0, ≤ 5.1.22 | Date: 2021-12-17
CWE-89: ThinkPHP5 SQL Injection vulnerability
A SQL injection vulnerability exists in ThinkPHP5 5.0.x through 5.1.22 via the parseOrder function in Builder.php.
Sources: GHSA, OSV
CVE-2021-36567 | P3 | CRITICAL | Affected: ≥ 0, ≤ 6.0.8 | Date: 2021-12-07
CWE-502: Deserialization of Untrusted Data in topthink/framework
ThinkPHP v6.0.8 was discovered to contain a deserialization vulnerability via the component League\Flysystem\Cached\Storage\AbstractCache.
Sources: GHSA, OSV
CVE-2021-36564 | P3 | CRITICAL | Affected: ≥ 0, < 6.0.9 | Date: 2021-12-10
CWE-502: Deserialization of Untrusted Data in topthink/framework
ThinkPHP v6.0.8 was discovered to contain a deserialization vulnerability via the component vendor\league\flysystem-cached-adapter\src\Storage\Adapter.php.
Sources: GHSA, OSV
CVE-2018-18546 | P3 | CRITICAL | Affected: ≥ 0, ≤ 3.2.4 | Date: 2022-05-14
CWE-89: ThinkPHP SQLi Vulnerability
ThinkPHP 3.2.4 has SQL injection via the order parameter because the `Library/Think/Db/Driver.class.php` parseOrder function mishandles the key variable.
Sources: GHSA, OSV
CVE-2018-18530 | P3 | CRITICAL | Affected: ≥ 0, ≤ 5.1.25 | Date: 2022-05-14
CWE-89: ThinkPHP SQLi Vulnerability
ThinkPHP 5.1.25 has SQL injection via the count parameter because the library/think/db/Query.php aggregate function mishandles the aggregate variable. NOTE: a backquote character is required in the attack URI.
Sources: GHSA, OSV
CVE-2018-18529 | P3 | CRITICAL | Affected: ≥ 0, ≤ 3.2.4 | Date: 2022-05-14
CWE-89: ThinkPHP SQLi Vulnerability
ThinkPHP 3.2.4 has SQL injection via the count parameter because the `Library/Think/Db/Driver/Mysql.class.php` `parseKey` function mishandles the key variable. NOTE: a backquote character is not required in the attack URI.
Sources: GHSA, OSV
CVE-2024-34467 | P4 | MEDIUM | Affected: ≥ 8.0.0, < 8.0.4; ≥ 6.1.0, < 6.1.5; +1 more | Date: 2024-05-04
CWE-79: ThinkPHP Cross-Site Scripting Vulnerability
ThinkPHP 8.0.3 allows remote attackers to exploit XSS due to inadequate filtering of function argument values in think_exception.tpl.
Sources: GHSA, OSV