Vulnerabilities > Thinkphp > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-12-06 | CVE-2022-44289 | Unrestricted Upload of File with Dangerous Type vulnerability in Thinkphp 5.0.24/5.1.41. Thinkphp 5.1.41 and 5.0.24 have a code logic error that allows getshell via file upload. | 8.8 |
2022-03-21 | CVE-2022-25481 | Exposure of Resource to Wrong Sphere vulnerability in Thinkphp 5.0.24. ThinkPHP Framework v5.0.24 was discovered to be configured without the PATHINFO parameter. | 7.5 |
2022-02-10 | CVE-2021-44892 | Unspecified vulnerability in Thinkphp 3.2.3. A Remote Code Execution (RCE) vulnerability exists in ThinkPHP 3.x.x via `value[_filename]` in index.php, which could let a malicious user obtain server control privileges. | 8.8 |
2019-02-24 | CVE-2019-9082 | Missing Authentication for Critical Function vulnerability in multiple products. ThinkPHP before 3.2.4, as used in Open Source BMS v1.1.1 and other products, allows Remote Command Execution via `public//?s=index/\think\app/invokefunction&function=call_user_func_array&vars[0]=system&vars[1][]=` followed by the command. | 8.8 |