|
|||
Rule General Information |
---|
Release Date: | 2019-01-12 | |
Rule Name: | ThinkPHP var_method Remote Code Execution Vulnerability | |
Severity: | Critical | |
CVE ID: | ||
Rule Protection Details |
---|
Description: | ThinkPHP is a set of PHP-based, open source, lightweight Web application development framework. ThinkPHP 5.0.23 and before has remote code execution. ThinkPHP is an extremely widely used PHP development framework in China. In its version 5.0(<5.0.24), while obtaining the request method, the framework processes it incorrectly, which allows an attacker to call any method of the Request class, resulting in a RCE vulnerability through a specific exploit chain. | |
Impact: | An attacker can execute arbitrary code via a successful exploit in the context of the vulnerable software. | |
Affected OS: | Windows, Mac OS, Other Unix, Linux | |
Reference: | ||
Solutions |
---|
Upgrade to version 5.0.24 to solve the problem. |