CVE-2022-45982

Name of the Vulnerable Software and Affected Versions thinkphp versions 6.0.0 through 6.0.13 thinkphp versions 6.1.0 through 6.1.1

Description The issue allows attackers to execute arbitrary code via a crafted payload, exploiting a deserialization vulnerability. This can be achieved by sending a malicious payload to be deserialized, potentially leading to remote code execution.

Recommendations For thinkphp versions 6.0.0 through 6.0.13, update to a version outside of this range to mitigate the risk. For thinkphp versions 6.1.0 through 6.1.1, update to a version outside of this range to mitigate the risk. As a temporary workaround, consider restricting the use of the unserialize() function until a patch is available.