PT-2025-31940 · Thinkphp3 · Thinkphp3

Xinyisleep

·

Publicado

2025-08-05

·

Atualizado

2025-08-05

·

CVE-2025-50707

CVSS v3.1

9.8

Crítica

VetorAV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions thinkphp3 version 3.2.5
Description An issue in thinkphp3 allows a remote attacker to execute arbitrary code via the index.php component. This can be achieved through crafted template inclusion, requiring no login.
Recommendations Block public access to index.php. Add Web Application Firewall (WAF) rules.

Exploit

Correção

RCE

Code Injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-94

Identificadores relacionados

CVE-2025-50707

Produtos afetados

Thinkphp3