CVE-2018-17566: ThinkPHP SQL injection vulnerability

CVSS Score: 9.8 (CVSS 3.0)

Basic Information

EPSS Score: 0.49734%
Published: 5/14/2022
Updated: 4/24/2024
KEV Status: No
Technology: PHP

Technical Details

CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Package Name: topthink/framework
Ecosystem: composer
Vulnerable Versions: = 5.1.24
First Patched Version: (none listed)

Vulnerability Intelligence

Root Cause Analysis

The vulnerability description explicitly mentions the 'delete' function being vulnerable when WHERE condition values are user-controlled. In ThinkPHP's architecture, database operations like DELETE are handled by the Query class. The CWE-89 classification confirms this is an SQL injection flaw caused by improper input sanitization. The GitHub issue (#858) and advisory both focus on the delete method's unsafe handling of user input in WHERE clauses, making think\db\Query::delete the clear entry point for exploitation.
