|
|
|||
| Rule General Information |
|---|
| Release Date: | 2019-01-12 | |
| Rule Name: | ThinkPHP var_method Remote Code Execution Vulnerability | |
| Severity: | ||
| CVE ID: | ||
| Rule Protection Details |
|---|
| Description: | ThinkPHP is a set of PHP-based, open source, lightweight Web application development framework. ThinkPHP 5.0.23 and before has remote code execution. ThinkPHP is an extremely widely used PHP development framework in China. In its version 5.0(<5.0.24), while obtaining the request method, the framework processes it incorrectly, which allows an attacker to call any method of the Request class, resulting in a RCE vulnerability through a specific exploit chain. | |
| Impact: | An attacker can execute arbitrary code via a successful exploit in the context of the vulnerable software. | |
| Affected OS: | Windows, Mac OS, Other Unix, Linux | |
| Reference: | ||
| Solutions |
|---|
| Upgrade to version 5.0.24 to solve the problem. |