CVE-2018-18546

Published: Oct 21, 2018

Modified: Sep 17, 2024

PUBLISHED

Description

ThinkPHP 3.2.4 has SQL Injection via the order parameter because the Library/Think/Db/Driver.class.php parseOrder function mishandles the key variable.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://github.com/top-think/thinkphp/commit/9748cb80d2f24c89218f358ca2f5ab88ee33396f

x_refsource_MISC

https://98587329.github.io/2018/10/09/thinkphp%E6%B3%A8%E5%85%A5%E5%88%86%E6%9E%90/

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2018-18546

Description

Affected Products

References