CVE-2020-21176

CRITICAL

ThinkJS 3.2.10 - SQL Injection via model.increment and model.decrement step parameter

Title source: llm
STIX 2.1

Description

SQL injection vulnerability in the model.increment and model.decrement function in ThinkJS 3.2.10 allows remote attackers to execute arbitrary SQL commands via the step parameter.

References (2)

Core 2
Core References
Exploit, Third Party Advisory x_refsource_misc
https://blog.jiguang.xyz/posts/thinkjs-sql-injection/

Scores

CVSS v3 9.8
EPSS 0.0149
EPSS Percentile 71.2%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-89
Status published
Products (2)
npm/thinkjs 0npm
thinkjs/thinkjs 3.2.10
Published Feb 01, 2021
Tracked Since Feb 18, 2026