PT-2022-12253 · Thinkphp · Thinkphp
Y4Tacker
·
Published
2022-02-10
·
Updated
2022-02-23
·
CVE-2021-44892
CVSS v3.1
8.8
High
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
ThinkPHP versions 3.x.x
Description
A Remote Code Execution (RCE) issue exists via the
value[ filename] in index.php, allowing a malicious user to obtain server control privileges.Recommendations
For ThinkPHP versions 3.x.x, update to a version that fixes this issue to prevent exploitation. As a temporary workaround, consider restricting access to the index.php file or disabling the
value[ filename] parameter to minimize the risk of exploitation.Exploit
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Thinkphp