Known Vulnerabilities for ThinkPHP by Thinkphp
Listed below are 10 of the newest known vulnerabilities associated with "ThinkPHP" by "Thinkphp".
These CVEs are retrieved based on exact matches on listed software, hardware, and vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed software information are still displayed.
Data on known vulnerable versions is also displayed, based on information from known CPEs.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2022-47945 | ThinkPHP Framework before 6.0.14 allows local file inclusion via the lang parameter when the language pack feature is enabled... | 9.8 - CRITICAL | 2022-12-23 | 2023-08-08 |
| CVE-2022-45982 | thinkphp 6.0.0~6.0.13 and 6.1.0~6.1.1 contains a deserialization vulnerability. This vulnerability allows attackers to execut... | 9.8 - CRITICAL | 2023-02-08 | 2023-02-16 |
| CVE-2022-44289 | Thinkphp 5.1.41 and 5.0.24 has a code logic error which causes file upload getshell. | 8.8 - HIGH | 2022-12-06 | 2022-12-08 |
| CVE-2022-38352 | ThinkPHP v6.0.13 was discovered to contain a deserialization vulnerability via the component League\Flysystem\Cached\Storage\... | 9.8 - CRITICAL | 2022-09-15 | 2022-09-16 |
| CVE-2022-33107 | ThinkPHP v6.0.12 was discovered to contain a deserialization vulnerability via the component vendor\league\flysystem-cached-a... | 9.8 - CRITICAL | 2022-06-29 | 2022-07-08 |
| CVE-2022-25481 | ThinkPHP Framework v5.0.24 was discovered to be configured without the PATHINFO parameter. This allows attackers to access al... | 7.5 - HIGH | 2022-03-21 | 2022-03-29 |
| CVE-2021-44892 | A Remote Code Execution (RCE) vulnerability exists in ThinkPHP 3.x.x via value[_filename] in index.php, which could let a mal... | 8.8 - HIGH | 2022-02-10 | 2022-02-23 |
| CVE-2021-44350 | SQL Injection vulnerability exists in ThinkPHP5 5.0.x <=5.1.22 via the parseOrder function in Builder.php. | 9.8 - CRITICAL | 2021-12-15 | 2021-12-20 |
| CVE-2021-36567 | ThinkPHP v6.0.8 was discovered to contain a deserialization vulnerability via the component League\Flysystem\Cached\Storage\A... | 9.8 - CRITICAL | 2021-12-06 | 2021-12-07 |
| CVE-2021-36564 | ThinkPHP v6.0.8 was discovered to contain a deserialization vulnerability via the component vendor\league\flysystem-cached-ad... | 9.8 - CRITICAL | 2021-12-06 | 2021-12-07 |
Known Affected Configurations (CPE V2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Thinkphp | Thinkphp | 6.0.0 | |||
| Application | Thinkphp | Thinkphp | 6.0.0 | |||
| Application | Thinkphp | Thinkphp | 6.0.0 | |||
| Application | Thinkphp | Thinkphp | 5.2 | |||
| Application | Thinkphp | Thinkphp | 5.2 | |||
| Application | Thinkphp | Thinkphp | 5.2 | |||
| Application | Thinkphp | Thinkphp | 5.1.9 | |||
| Application | Thinkphp | Thinkphp | 5.1.8 | |||
| Application | Thinkphp | Thinkphp | 5.1.7 | |||
| Application | Thinkphp | Thinkphp | 5.1.6 | |||
| Application | Thinkphp | Thinkphp | 5.1.5 | |||
| Application | Thinkphp | Thinkphp | 5.1.4 | |||
| Application | Thinkphp | Thinkphp | 5.1.38.1 | |||
| Application | Thinkphp | Thinkphp | 5.1.38 | |||
| Application | Thinkphp | Thinkphp | 5.1.37 | |||
| Application | Thinkphp | Thinkphp | 5.1.35 | |||
| Application | Thinkphp | Thinkphp | 5.1.34 | |||
| Application | Thinkphp | Thinkphp | 5.1.32 | |||
| Application | Thinkphp | Thinkphp | 5.1.31 | |||
| Application | Thinkphp | Thinkphp | 5.1.3 |