Name of the Vulnerable Software and Affected Versions:

thinkphp3 version 3.2.5

Description:

An issue in thinkphp3 allows a remote attacker to execute arbitrary code via the `index.php` component. This can be achieved through crafted template inclusion, requiring no login.

Recommendations:

Block public access to `index.php`.

Add Web Application Firewall (WAF) rules.