彙總 thinkphp 相關全部產品的 CVE 與安全漏洞情報,包括 CVSS、EPSS、公開時間與漏洞情報資料。
常見弱點模式包括 跨站腳本、路徑處理缺陷、檔案包含與緩衝區溢位,在 生產負載與軟體部署 使用場景中可能帶來 記憶體損壞、工作階段劫持與未授權存取 等風險。
相關漏洞資料主要來源於公開漏洞披露與安全公告,可用於評估歷史漏洞暴露面與修補優先順序。
| CVE | 摘要 | 來源 | 最高 CVSS | EPSS % | 公開時間 | 更新時間 |
|---|---|---|---|---|---|---|
| CVE-2018-25270 | ThinkPHP 5.0.23 contains a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary PHP code by invoking functions through the routing parameter. Attackers can craft requests to the index.php endpoint with malicious function parameters to execute system commands with application privileges. | [email protected] | 9.3 | 0.89% | 2026-04-22 | 2026-06-16 |
| CVE-2025-63889 | The fetch function in file thinkphp\library\think\Template.php in ThinkPHP 5.0.24 allows attackers to read arbitrary files via crafted file path in a template value. | [email protected] | 7.5 | 0.26% | 2025-11-20 | 2026-06-17 |
| CVE-2025-63888 | The read function in file thinkphp\library\think\template\driver\File.php in ThinkPHP 5.0.24 contains a remote code execution vulnerability. | [email protected] | 9.8 | 0.49% | 2025-11-20 | 2026-06-17 |
| CVE-2025-50707 | An issue in thinkphp3 v.3.2.5 allows a remote attacker to execute arbitrary code via the index.php component | [email protected] | 9.8 | 0.99% | 2025-08-05 | 2026-06-17 |
| CVE-2025-50706 | An issue in thinkphp v.5.1 allows a remote attacker to execute arbitrary code via the routecheck function | [email protected] | 9.8 | 0.99% | 2025-08-05 | 2026-06-17 |
| CVE-2024-48112 | A deserialization vulnerability in the component \controller\Index.php of Thinkphp v6.1.3 to v8.0.4 allows attackers to execute arbitrary code. | [email protected] | 9.8 | 0.86% | 2024-10-30 | 2026-06-17 |
| CVE-2024-44902 | A deserialization vulnerability in Thinkphp v6.1.3 to v8.0.4 allows attackers to execute arbitrary code. | [email protected] | 9.8 | 4.30% | 2024-09-09 | 2026-06-17 |
| CVE-2024-34467 | ThinkPHP 8.0.3 allows remote attackers to exploit XSS due to inadequate filtering of function argument values in think_exception.tpl. | [email protected] | 6.1 | 0.42% | 2024-05-04 | 2026-06-17 |
| CVE-2022-45982 | thinkphp 6.0.0~6.0.13 and 6.1.0~6.1.1 contains a deserialization vulnerability. This vulnerability allows attackers to execute arbitrary code via a crafted payload. | [email protected] | 9.8 | 1.23% | 2023-02-08 | 2026-06-17 |
| CVE-2022-47945 | ThinkPHP Framework before 6.0.14 allows local file inclusion via the lang parameter when the language pack feature is enabled (lang_switch_on=true). An unauthenticated and remote attacker can exploit this to execute arbitrary operating system commands, as demonstrated by including pearcmd.php. | [email protected] | 9.8 | 15.50% | 2022-12-23 | 2026-06-17 |
| CVE-2022-44289 | Thinkphp 5.1.41 and 5.0.24 has a code logic error which causes file upload getshell. | [email protected] | 8.8 | 2.91% | 2022-12-06 | 2026-06-17 |
| CVE-2022-38352 | ThinkPHP v6.0.13 was discovered to contain a deserialization vulnerability via the component League\Flysystem\Cached\Storage\Psr6Cache. This vulnerability allows attackers to execute arbitrary code via a crafted payload. | [email protected] | 9.8 | 20.20% | 2022-09-14 | 2026-06-17 |
| CVE-2022-33107 | ThinkPHP v6.0.12 was discovered to contain a deserialization vulnerability via the component vendor\league\flysystem-cached-adapter\src\Storage\AbstractCache.php. This vulnerability allows attackers to execute arbitrary code via a crafted payload. | [email protected] | 9.8 | 21.89% | 2022-06-29 | 2026-06-17 |
| CVE-2021-23592 | The package topthink/framework before 6.0.12 are vulnerable to Deserialization of Untrusted Data due to insecure unserialize method in the Driver class. | [email protected] | 7.7 | 1.57% | 2022-05-06 | 2026-06-16 |
| CVE-2022-25481 | ThinkPHP Framework v5.0.24 was discovered to be configured without the PATHINFO parameter. This allows attackers to access all system environment parameters from index.php. NOTE: this is disputed by a third party because system environment exposure is an intended feature of the debugging mode. | [email protected] | 7.5 | 4.75% | 2022-03-20 | 2026-06-17 |
| CVE-2021-44892 | A Remote Code Execution (RCE) vulnerability exists in ThinkPHP 3.x.x via value[_filename] in index.php, which could let a malicious user obtain server control privileges. | [email protected] | 8.8 | 1.89% | 2022-02-10 | 2026-06-17 |
| CVE-2021-44350 | SQL Injection vulnerability exists in ThinkPHP5 5.0.x <=5.1.22 via the parseOrder function in Builder.php. | [email protected] | 9.8 | 1.37% | 2021-12-15 | 2026-06-17 |
| CVE-2021-36567 | ThinkPHP v6.0.8 was discovered to contain a deserialization vulnerability via the component League\Flysystem\Cached\Storage\AbstractCache. | [email protected] | 9.8 | 2.41% | 2021-12-06 | 2026-06-16 |
| CVE-2021-36564 | ThinkPHP v6.0.8 was discovered to contain a deserialization vulnerability via the component vendor\league\flysystem-cached-adapter\src\Storage\Adapter.php. | [email protected] | 9.8 | 1.84% | 2021-12-06 | 2026-06-16 |
| CVE-2020-20120 | ThinkPHP v3.2.3 and below contains a SQL injection vulnerability which is triggered when the array is not passed to the "where" and "query" methods. | [email protected] | 9.8 | 1.75% | 2021-09-28 | 2026-06-16 |