thinkphp Vulnerability List
Found 22 vulnerabilities related to thinkphp
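CNVD-2024-39045: Thinkphp3 File Inclusion Vulnerability POC
Thinkphp3 has a file inclusion vulnerability that allows the contents of arbitrary files to be read.
CVE-2022-33107: ThinkPHP 6.0.12 Deserialization RCE POC
ThinkPHP v6.0.12 was found to contain a deserialization vulnerability via the component vendor\league\flysystem-cached-adapter\src\Storage\AbstractCache.php. This vulnerability allows attackers to execute arbitrary code via a crafted payload.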
CVE-2022-47945: Thinkphp Lang - Local File Inclusion POC
ThinkPHP Framework before 6.0.14 allows local file inclusion via the lang parameter when the language pack feature is enabled (lang_switch_on=true). An unauthenticated and remote attacker can exploit this to execute arbitrary operating system commands, as demonstrated by including pearcmd.php. FOFA: header="think_lang" SHODAN: title:"Thinkphp"
thinkphp-509-information-disclosure: ThinkPHP 5.0.9 Information Disclosure POC
Verbose SQL error message reveals sensitive information including database credentials.
thinkphp-debug-detected: Thinkphp Debug Detected POC
FOFA: app="ThinkPHP"
thinkphp-detect: ThinkPHP detect POC
FOFA: app="ThinkPHP"
thinkphp-errors: ThinkPHP Errors - Sensitive Information Exposure POC
FOFA: app="ThinkPHP" && title="System Error"
thinkphp-2-rce: ThinkPHP 2 3 's' Parameter RCE POC
ThinkPHP 2.x version and 3.0 in Lite mode Remote Code Execution.
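thinkphp-3-0-log-rce: Thinkphp 3.0 log Remote Command Execution Vulnerability POC
ThinkPHP is an open-source, PHP-based lightweight web application development framework. In affected versions, if the first argument of the template assignment method assign is controllable in application code, the template file path variable can be overwritten with the path of a file carrying attack code, resulting in arbitrary file inclusion and arbitrary code execution. Connecting with AntSword yields a webshell with password 1 (the log file name must be changed to today's date). Debug mode off: http://x.x.x.x:23707/index.php?m=Home&c=Index&a=index&value[_filename]=./Application/Runtime/Logs/Common/22_04_13.log Debug mode on: http://x.x.x.x:23707/index.php?m=Home&c=Index&a=index&value[_filename]=./Application/Runtime/Logs/Home/22_04_13.log fofa-query: "thinkphp"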
thinkphp-5-0-23-index-php-method-rce: ThinkPHP 5.0.23 RCE POC
Thinkphp5 5.0(<5.0.24) Remote Code Execution.
thinkphp-501-rce: ThinkPHP 5.0.1 - Remote Code Execution POC
ThinkPHP 5.0.1 allows remote unauthenticated attackers to execute arbitrary code via the 's' parameter.
thinkphp-5010-rce: ThinkPHP 5.0.10 RCE POC
ThinkPHP <= 5.0.13
thinkphp-5022-5129-rce: ThinkPHP 5.0.22 RCE POC
Thinkphp5 5.0.22/5.1.29 Remote Code Execution if the website doesn't have mandatory routing enabled (which is default).
thinkphp-5023-rce: ThinkPHP 5.0.23 RCE POC
Thinkphp5 5.0(<5.0.24) Remote Code Execution.
thinkphp-5024-5130-rce: ThinkPHP 5.0.22 TO 5.1.29 RCE POC
A vulnerability in ThinkPHP allows remote unauthenticated attackers to cause the product to execute arbitrary code via the 's' parameter.
thinkphp-50x-arbitrary-file-read: Thinkphp 5.x Arbitrary file read POC
TP5-Arbitrary-file-read
thinkphp-lang-rce: thinkphpRce POC
The thinkphp multi-language module has an RCE vulnerability. FOFA: app="Thinkphp"
thinkphp5-controller-rce: thinkphp5-controller-rce POC
thinkphp5-controller-rce
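ThinkPHP /index.php Information Disclosure Vulnerability (CVE-2022-25481) No POC
ThinkPHP is an open-source, PHP-based lightweight web application development framework developed by the Chinese company Topthink Information Technology (顶想信息科技). In ThinkPHP 5.0.24 the PATHINFO parameter is not correctly configured, so an attacker can obtain system environment parameters by accessing index.php, which may lead to sensitive information disclosure, data tampering, or unauthorized operations.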
CVE-2018-20062: ThinkPHP 5.0.23 - Remote Code Execution POC
An issue was discovered in NoneCms V1.3. thinkphp/library/think/App.php allows remote attackers to execute arbitrary PHP code via crafted use of the filter parameter, as demonstrated by the s=index/\think\Request/input&filter=phpinfo&data=1 query string.
CVE-2022-25481: ThinkPHP 5.0.24 - Information Disclosure POC
ThinkPHP 5.0.24 is susceptible to information disclosure. This version was configured without the PATHINFO parameter. This can allow an attacker to access all system environment parameters from index.php, thereby possibly obtaining sensitive information, modifying data, and/or executing unauthorized operations.
CVE-2022-47945: Thinkphp Lang - Local File Inclusion POC
ThinkPHP Framework before 6.0.14 allows local file inclusion via the lang parameter when the language pack feature is enabled (lang_switch_on=true). An unauthenticated and remote attacker can exploit this to execute arbitrary operating system commands, as demonstrated by including pearcmd.php.