ThinkPHP Remote Code Execution Vulnerability(CVE-2018-20062,CVE-2019-9082)

Vulnerability Overview Over the last few months, a remote code execution bug on Chinese open source framework ThinkPHP is being actively exploited by attackers to deliver a variety of malware. Poorly handled input is a leading cause behind the vulnerability. As a result, a remote attacker can send a crafted HTTP request to execute arbitrary … Continue reading “ThinkPHP Remote Code Execution Vulnerability(CVE-2018-20062,CVE-2019-9082)”

ThinkPHP Remote Code Execution Vulnerability

Recently, ThinkPHP released an advisory, for a high-risk remote code execution (RCE) vulnerability. The vulnerability exists because ThinkPHP framework improperly checks controller names. This may lead to possible getshell vulnerabilities without the forced routing enabled. A proof of concept (PoC) exploiting this vulnerability was also published soon after the advisory. The proof-of-concept code exploits a … Continue reading “ThinkPHP Remote Code Execution Vulnerability”