-
CVSS Score
-Basic Information
Technical Details
Vulnerability Intelligence
Miggo AI
Miggo AIA Semantic Attack on Google Gemini - Read the Latest Research
A Semantic Attack on Google Gemini - Read the Latest Research
Miggo AI
Miggo AIRoot Cause AnalysisThe vulnerability stems from how ThinkPHP's query builder handles array parameters in the order() method. When user-controlled input (like the 'order' GET parameter) is passed directly to order() as an array key-value pair, the framework fails to properly escape the array keys. This allows attackers to inject SQL expressions through crafted keys (e.g., 'id`|updatexml(...)#'). The GitHub issue demonstrates this vulnerability pattern and confirms the order method's role in query construction. The patch in 5.1.23 likely added proper escaping for array keys in ORDER BY processing.
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| topthink/framework | composer | < 5.1.23 | 5.1.23 |