Loading
ThinkPHP v3.2.3 and below contains a SQL injection vulnerability which is triggered when the array is not passed to the "where" and "query" methods.
Use CWE-89, Thinkphp vendor hub and Thinkphp product page to widen CVE-2020-20120 into its surrounding weakness, vendor, and product context.
Compare it with CVE-2025-63888, CVE-2025-50707 and CVE-2025-50706 for nearby disclosures in the same product family.