Liu21St

**Name of the Vulnerable Software and Affected Versions** ThinkPHP version 3.2.4 **Description** The issue is related to SQL Injection via the `order` parameter. This occurs because the `parseOrder` function in the `Library/Think/Db/Driver.class.php` file mishandles the `key` variable. **Recommendations** For ThinkPHP version 3.2.4, consider restricting access to the `order` parameter in the affected API endpoint until a patch is available. As a temporary workaround, avoid using the `order` parameter or ensure proper validation and sanitization of user input to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.