Xinyisleep

**Name of the Vulnerable Software and Affected Versions** thinkphp3 version 3.2.5 **Description** An issue in thinkphp3 allows a remote attacker to execute arbitrary code via the `index.php` component. This can be achieved through crafted template inclusion, requiring no login. **Recommendations** Block public access to `index.php`. Add Web Application Firewall (WAF) rules.

**Name of the Vulnerable Software and Affected Versions** thinkphp version 5.1 **Description** An issue in thinkphp version 5.1 allows a remote attacker to execute arbitrary code via the `routecheck` function. This flaw enables remote, unauthenticated users to include files and run code. **Recommendations** Upgrade to the latest ThinkPHP version. Apply a patch to address the issue.