|
|
|||
| Rule General Information |
|---|
| Release Date: | 2022-07-30 | |
| Rule Name: | ThinkCMF Remote Code Execution Vulnerability | |
| Severity: | ||
| CVE ID: | ||
| Rule Protection Details |
|---|
| Description: | ThinkCMF is an open source content management framework (CMF) that supports Swoole, developed based on ThinkPHP. Remote code execution vulnerability exists in ThinkCMFX 2.2.3. This vulnerability is because the program does not filter the template file name, the attacker can write webshell to the cache file through this vulnerability, and then the framework will include the cache file, resulting in the execution of webshell. | |
| Impact: | An attacker could exploit this vulnerability to have unspecified effect. | |
| Affected OS: | Windows, Linux, Others | |
| Reference: | ||
| Solutions |
|---|
| Please contact the software vendor to update the software patch. |