Vulnerability Details CVE-2020-20120
ThinkPHP v3.2.3 and below contains a SQL injection vulnerability which is triggered when the array is not passed to the "where" and "query" methods.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.011
EPSS Ranking 77.2%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 7.5
Products affected by CVE-2020-20120
-
cpe:2.3:a:thinkphp:thinkphp:-
-
cpe:2.3:a:thinkphp:thinkphp:3.1.3
-
cpe:2.3:a:thinkphp:thinkphp:3.2.3