|
|||
Rule General Information |
---|
Release Date: | 2020-08-26 | |
Rule Name: | ThinkPHP5 Remote Code Execution Vulnerability | |
Severity: | ||
CVE ID: | ||
Rule Protection Details |
---|
Description: | ThinkPHP is a set of PHP-based, open source, lightweight Web application development framework. ThinkPHP5 has remote code execution. The vulnerability is due to the ThinkPHP framework incorrectly handling controller names, it can execute any method if the website doesn't have mandatory routing enabled (which is default), resulting in a RCE vulnerability. | |
Impact: | An attacker could exploit this vulnerability to have unspecified effect. | |
Affected OS: | Windows, Linux, Others | |
Reference: | ||
Solutions |
---|
Upgrade to lastest version. |