This page aggregates CVE and security vulnerability intelligence across all ThinkPHP-related products, including CVSS scores, EPSS probabilities, and publication and update dates.
Common weakness patterns include cross-site scripting, path handling, and file inclusion, with potential impact up to memory corruption in production workloads.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2019-9082 KEV | ThinkPHP before 3.2.4, as used in Open Source BMS v1.1.1 and other products, allows Remote Command Execution via public//?s=index/\think\app/invokefunction&function=call_user_func_array&vars[0]=system&vars[1][]= followed by the command. | [email protected] | 8.8 | 97.42% | 2019-02-24 | 2026-06-16 |
| CVE-2018-18546 | ThinkPHP 3.2.4 has SQL Injection via the order parameter because the Library/Think/Db/Driver.class.php parseOrder function mishandles the key variable. | [email protected] | 9.8 | 1.66% | 2018-10-20 | 2026-06-16 |
| CVE-2018-18530 | ThinkPHP 5.1.25 has SQL Injection via the count parameter because the library/think/db/Query.php aggregate function mishandles the aggregate variable. NOTE: a backquote character is required in the attack URI. | [email protected] | 9.8 | 1.20% | 2018-10-19 | 2026-06-16 |
| CVE-2018-18529 | ThinkPHP 3.2.4 has SQL Injection via the count parameter because the Library/Think/Db/Driver/Mysql.class.php parseKey function mishandles the key variable. NOTE: a backquote character is not required in the attack URI. | [email protected] | 9.8 | 1.20% | 2018-10-19 | 2026-06-16 |
| CVE-2018-17566 | In ThinkPHP 5.1.24, the inner function delete can be used for SQL injection when its WHERE condition's value can be controlled by a user's request. | [email protected] | 9.8 | 1.54% | 2018-09-26 | 2026-06-16 |
| CVE-2018-16385 | ThinkPHP before 5.1.23 allows SQL Injection via the public/index/index/test/index query string. | [email protected] | 9.8 | 2.11% | 2018-09-02 | 2026-06-16 |
| CVE-2018-10225 | thinkphp 3.1.3 has SQL Injection via the index.php s parameter. | [email protected] | 9.8 | 1.14% | 2018-04-19 | 2026-06-16 |