Vulnerabilities > Thinkphp > High

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | VECTOR | COMPLEXITY | TAGS | RISK |
|---|---|---|---|---|---|---|---|
| 2022-12-06 | CVE-2022-44289 | Unrestricted Upload of File with Dangerous Type vulnerability in Thinkphp 5.0.24/5.1.41 | Thinkphp 5.1.41 and 5.0.24 have a code logic error which causes file upload getshell. | network | low | thinkphp CWE-434 | 8.8 |
| 2022-03-21 | CVE-2022-25481 | Exposure of Resource to Wrong Sphere vulnerability in Thinkphp 5.0.24 | ThinkPHP Framework v5.0.24 was discovered to be configured without the PATHINFO parameter. | network | low | thinkphp CWE-668 | 7.5 |
| 2022-02-10 | CVE-2021-44892 | Unspecified vulnerability in Thinkphp 3.2.3 | A Remote Code Execution (RCE) vulnerability exists in ThinkPHP 3.x.x via value[_filename] in index.php, which could let a malicious user obtain server control privileges. | network | low | thinkphp | 8.8 |
| 2019-02-24 | CVE-2019-9082 | Missing Authentication for Critical Function vulnerability in multiple products | ThinkPHP before 3.2.4, as used in Open Source BMS v1.1.1 and other products, allows Remote Command Execution via public//?s=index/\think\app/invokefunction&function=call_user_func_array&vars[0]=system&vars[1][]= followed by the command. | network | low | thinkphp opensourcebms zzzcms CWE-306 | 8.8 |