CVE-2020-20120

CRITICAL

9.8

CVSS Severity Score

EPSS Score0.0240%

EPSS Percentile0.18th

Published2021年9月28日

Last Modified2024年11月21日

Vulnerability Description

ThinkPHP v3.2.3 and below contains a SQL injection vulnerability which is triggered when the array is not passed to the "where" and "query" methods.

📦

Thinkphp

<= 3.2.3

ThinkPHP v6.0.8 was discovered to contain a deserialization vulnerability via the component vendor\league\flysystem-cached-adapter...

thinkphp-zcms as of 20190715 allows SQL injection via index.php?m=home&c=message&a=add.

ThinkPHP 5.0.23 contains a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary PHP code...

ThinkPHP v6.0.8 was discovered to contain a deserialization vulnerability via the component League\Flysystem\Cached\Storage\Abstra...