Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium
ThinkPHP v5.0.22/5.1.29 Remote Code Execution Vulnerability - Vulnerability Database

ThinkPHP v5.0.22/5.1.29 Remote Code Execution Vulnerability

Description

ThinkPHP is an widely used PHP development framework in China.

In ThinkPHP versions <= v5.0.22/5.1.29 the framework processes controller name incorrectly, allowing an attacker to execute any framework function, resulting in a RCE (Remote Code Execution) vulnerability.

Remediation

Upgrade to the latest version of ThinkPHP.

References

ThinkPHP security update
thinkphp 5.x vulnerability

Related Vulnerabilities

Check for apache versions up to 1.3.25, 2.0.38 High
Common tags: Code Execution
Drupal Core 7.x Remote Code Execution (7.0 - 7.58) High
Common tags: Code Execution
Drupal Core 8.8.x Remote Code Execution (8.8.0 - 8.8.7) High
Common tags: Code Execution
Drupal Core 8.x.x Remote Code Execution (8.0.0 - 8.4.8) High
Common tags: Code Execution
Drupal Core 8.6.x Remote Code Execution (8.6.0 - 8.6.9) High
Common tags: Code Execution

Severity

High

Classification

CWE-94
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Tags

Code Execution