Loading
In ThinkPHP 5.1.24, the inner function delete can be used for SQL injection when its WHERE condition's value can be controlled by a user's request.
Use CWE-89, Thinkphp vendor hub and Thinkphp product page to widen CVE-2018-17566 into its surrounding weakness, vendor, and product context.
Compare it with CVE-2025-63888, CVE-2025-50707 and CVE-2025-50706 for nearby disclosures in the same product family.