Product: thinkphp
27 known vulnerabilities across versions
Vulnerabilities are listed below by affected version, one entry per CVE.
CVE-2018-25270
  Affected versions: >= 5.0.0 and < 5.0.23
  ThinkPHP 5.0.23 contains a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary PHP code

CVE-2025-63889
  Affected versions: all versions
  The fetch function in file thinkphp\library\think\Template.php in ThinkPHP 5.0.24 allows attackers to read arbitrary files via cra

CVE-2025-63888
  Affected versions: all versions
  The read function in file thinkphp\library\think\template\driver\File.php in ThinkPHP 5.0.24 contains a remote code execution vuln

CVE-2025-50707
  Affected versions: all versions
  An issue in thinkphp3 v.3.2.5 allows a remote attacker to execute arbitrary code via the index.php component

CVE-2025-50706
  Affected versions: all versions
  An issue in thinkphp v.5.1 allows a remote attacker to execute arbitrary code via the routecheck function

CVE-2024-48112
  Affected versions: >= 6.1.3 and <= 8.0.4
  A deserialization vulnerability in the component \controller\Index.php of Thinkphp v6.1.3 to v8.0.4 allows attackers to execute ar

CVE-2024-44902
  Affected versions: >= 6.1.3 and <= 8.0.4
  A deserialization vulnerability in Thinkphp v6.1.3 to v8.0.4 allows attackers to execute arbitrary code.

CVE-2024-34467
  Affected versions: all versions
  ThinkPHP 8.0.3 allows remote attackers to exploit XSS due to inadequate filtering of function argument values in think_exception.t

CVE-2022-45982
  Affected versions: >= 6.0.0 and <= 6.0.13
  thinkphp 6.0.0~6.0.13 and 6.1.0~6.1.1 contains a deserialization vulnerability. This vulnerability allows attackers to execute arb

CVE-2022-47945
  Affected versions: < 6.0.14
  ThinkPHP Framework before 6.0.14 allows local file inclusion via the lang parameter when the language pack feature is enabled (lan

CVE-2022-44289
  Affected versions: all versions
  Thinkphp 5.1.41 and 5.0.24 has a code logic error which causes file upload getshell.

CVE-2022-38352
  Affected versions: all versions
  ThinkPHP v6.0.13 was discovered to contain a deserialization vulnerability via the component League\Flysystem\Cached\Storage\Psr6C

CVE-2022-33107
  Affected versions: all versions
  ThinkPHP v6.0.12 was discovered to contain a deserialization vulnerability via the component vendor\league\flysystem-cached-adapte

CVE-2021-23592
  Affected versions: < 6.0.12
  The package topthink/framework before 6.0.12 are vulnerable to Deserialization of Untrusted Data due to insecure unserialize metho

CVE-2022-25481
  Affected versions: all versions
  ThinkPHP Framework v5.0.24 was discovered to be configured without the PATHINFO parameter. This allows attackers to access all sys

CVE-2021-44892
  Affected versions: all versions
  A Remote Code Execution (RCE) vulnerability exists in ThinkPHP 3.x.x via value[_filename] in index.php, which could let a maliciou

CVE-2021-44350
  Affected versions: >= 5.0.0 and <= 5.1.22
  SQL Injection vulnerability exists in ThinkPHP5 5.0.x <=5.1.22 via the parseOrder function in Builder.php.

CVE-2021-36567
  Affected versions: all versions
  ThinkPHP v6.0.8 was discovered to contain a deserialization vulnerability via the component League\Flysystem\Cached\Storage\Abstra

CVE-2021-36564
  Affected versions: all versions
  ThinkPHP v6.0.8 was discovered to contain a deserialization vulnerability via the component vendor\league\flysystem-cached-adapter

CVE-2020-20120
  Affected versions: <= 3.2.3
  ThinkPHP v3.2.3 and below contains a SQL injection vulnerability which is triggered when the array is not passed to the "where" an

CVE-2019-9082
  Affected versions: < 3.2.4
  ThinkPHP before 3.2.4, as used in Open Source BMS v1.1.1 and other products, allows Remote Command Execution via public//?s=index/

CVE-2018-18546
  Affected versions: all versions
  ThinkPHP 3.2.4 has SQL Injection via the order parameter because the Library/Think/Db/Driver.class.php parseOrder function mishand

CVE-2018-18530
  Affected versions: all versions
  ThinkPHP 5.1.25 has SQL Injection via the count parameter because the library/think/db/Query.php aggregate function mishandles the

CVE-2018-18529
  Affected versions: all versions
  ThinkPHP 3.2.4 has SQL Injection via the count parameter because the Library/Think/Db/Driver/Mysql.class.php parseKey function mis

CVE-2018-17566
  Affected versions: all versions
  In ThinkPHP 5.1.24, the inner function delete can be used for SQL injection when its WHERE condition's value can be controlled by

CVE-2018-16385
  Affected versions: < 5.1.23
  ThinkPHP before 5.1.23 allows SQL Injection via the public/index/index/test/index query string.

CVE-2018-10225
  Affected versions: all versions
  thinkphp 3.1.3 has SQL Injection via the index.php s parameter.