CVE-2018-18529

Name of the Vulnerable Software and Affected Versions ThinkPHP version 3.2.4

Description The issue is related to SQL Injection via the count parameter. This occurs because the parseKey function in the Library/Think/Db/Driver/Mysql.class.php file mishandles the key variable. It is noted that a backquote character is not required in the attack URI.

Recommendations For ThinkPHP version 3.2.4, consider restricting access to the count parameter to minimize the risk of SQL Injection until a patch is available. As a temporary workaround, avoid using the parseKey function in the Library/Think/Db/Driver/Mysql.class.php file until the issue is resolved.