CVE-2021-44350: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

December 15, 2021 (updated December 20, 2021)

SQL Injection vulnerability exists in ThinkPHP5 via the parseOrder function in Builder.php.

References

github.com/top-think/framework/issues/2613
nvd.nist.gov/vuln/detail/CVE-2021-44350

Code Behaviors & Features

Detect and mitigate CVE-2021-44350 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →