Vulnerability Database

Published: Sep 29, 2021
Updated: May 9, 2024
CVE: <a href="https://nvd.nist.gov/vuln/detail/CVE-2020-20120" target="_blank" rel="noopener"> CVE-2020-20120
GHSA: <a href="https://github.com/advisories/GHSA-m7h5-fjjq-559f" target="_blank" rel="noopener"> GHSA-m7h5-fjjq-559f
Severity: Critical
Exploit:

296,746

Total vulnerabilities in the database

ThinkPHP v3.2.3 and below contains a SQL injection vulnerability which is triggered when the array is not passed to the "where" and "query" methods.

CVSS v3:

CVSS v2:

CWEs:

OWASP TOP 10:

Software	From	Fixed in
thinkphp / thinkphp	-	3.2.3.x
topthink / thinkphp	-	3.2.3.x

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.