Show filters
2 Total Results
Displaying 1-2 of 2
Sort by:
Attacker Value
Unknown
CVE-2018-18546
Disclosure Date: October 21, 2018 (last updated November 27, 2024)
ThinkPHP 3.2.4 has SQL Injection via the order parameter because the Library/Think/Db/Driver.class.php parseOrder function mishandles the key variable.
0
Attacker Value
Unknown
CVE-2018-18529
Disclosure Date: October 19, 2018 (last updated November 27, 2024)
ThinkPHP 3.2.4 has SQL Injection via the count parameter because the Library/Think/Db/Driver/Mysql.class.php parseKey function mishandles the key variable. NOTE: a backquote character is not required in the attack URI.
0
