pkg:Packagist/topthink/framework

All known vulnerabilities

• CRITICAL9.8CVE-2024-44902ThinkPHP deserialization vulnerability
  >= 6.1.3, <= 8.0.4
• CRITICAL9.8CVE-2022-47945ThinkPHP Framework vulnerable to remote code execution
  from 0, < 6.0.14
• CRITICAL9.8CVE-2022-38352ThinkPHP deserialization vulnerability
  from 0, <= 6.0.13
• CRITICAL9.8CVE-2022-33107Deserialization of Untrusted Data in topthink/framework
  from 0, <= 6.0.12
• CRITICAL9.8CVE-2018-10225thinkphp SQL Injection via the index.php s parameter
• CRITICAL9.8CVE-2018-16385ThinkPHP SQL Injection vulnerability
  from 0, < 5.1.23
• CRITICAL9.8CVE-2018-17566ThinkPHP SQL injection vulnerability
• CRITICAL9.8CVE-2018-18529ThinkPHP SQLi Vulnerability
  from 0, <= 3.2.4
• CRITICAL9.8CVE-2018-18530ThinkPHP SQLi Vulnerability
  from 0, <= 5.1.25
• CRITICAL9.8CVE-2018-18546ThinkPHP SQLi Vulnerability
  from 0, <= 3.2.4
• CRITICAL9.8CVE-2021-23592Deserialization of Untrusted Data in topthink/framework
  from 0, < 6.0.12
• CRITICAL9.8CVE-2021-44350ThinkPHP5 SQL Injection vulnerability
  >= 5.0, <= 5.1.22
• CRITICAL9.8CVE-2021-36564Deserialization of Untrusted Data in topthink/framework
  from 0, < 6.0.9
• CRITICAL9.8CVE-2021-36567Deserialization of Untrusted Data in topthink/framework
  from 0, <= 6.0.8
• HIGH8.8CVE-2022-44289Thinkphp has a code logic error
  from 0, <= 5.0.24
• HIGH8.8CVE-2021-44892ThinkPHP Remote Code Execution (RCE) vulnerability
  from 0, <= 3.2.3
• HIGH7.5CVE-2022-25481Exposure of Resource to Wrong Sphere in ThinkPHP Framework
  from 0, <= 5.0.24
• MEDIUM6.1CVE-2024-34467ThinkPHP Cross-Site Scripting Vulnerability
  >= 8.0.0, < 8.0.4
• —CVE-2025-50706ThinkPHP Path Traversal Vulnerability
  from 0, <= 5.1.41