CVE-2022-38352

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions ThinkPHP version 6.0.13

Description The issue is related to a deserialization vulnerability via the LeagueFlysystemCachedStoragePsr6Cache component. This allows attackers to execute arbitrary code by using a crafted payload.

Recommendations For ThinkPHP version 6.0.13, update to a version that fixes this issue to prevent exploitation. As a temporary workaround, consider disabling the LeagueFlysystemCachedStoragePsr6Cache component until a patch is available.

Exploit

Fix

Deserialization of Untrusted Data

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-502

Related Identifiers

CVE-2022-38352

GHSA-QJJJ-7G7H-54V3

Affected Products

Leagueflysystemcachedstoragepsr6Cache

Thinkphp

CVE-2022-38352

Weakness Enumeration

Related Identifiers

Affected Products

References · 6