CVE-2018-16385

Name of the Vulnerable Software and Affected Versions ThinkPHP versions prior to 5.1.23

Description The issue allows SQL Injection via the "public/index/index/test/index" query string. This enables an attacker to inject malicious SQL code, potentially leading to unauthorized access or modification of sensitive data.

Recommendations For versions prior to 5.1.23, update to version 5.1.23 or later to resolve the issue. As a temporary workaround, consider restricting access to the "public/index/index/test/index" endpoint until a patch is applied. Avoid using user-supplied input in SQL queries to minimize the risk of exploitation.