CVE-2018-25270
9.3
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Summary
ThinkPHP 5.0.23 contains a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary PHP code by invoking functions through the routing parameter. Attackers can craft requests to the index.php endpoint with malicious function parameters to execute system commands with application privileges.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Thinkphp | ThinkPHP | 5.0.23 | affected |
| Thinkphp | ThinkPHP | 5.1.31 | affected |
Weaknesses
- CWE-639: Authorization Bypass Through User-Controlled Key
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: poc
- Automatable: yes
- Technical Impact: total
References
- https://www.exploit-db.com/exploits/45978
- https://thinkphp.cn
- https://github.com/top-think/framework/
- https://www.vulncheck.com/advisories/thinkphp-remote-code-execution-via-invokefunction
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.