Strike ID:
E19-0zh61
CVSS:
7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
False Positive:
t
Variants:
18
Year:
2018

Description

This strike exploits a remote code execution in ThinkPHP framework. The flaw is rooted within the invokefunction method as a consequence of no parameter validation. A remote, unauthenticated attacker may thus be able to execute code on the vulnerable Machine with the permissions of the user running the web server.

CVE

References

MSB

BID

ExploitDB

Secunia

Security Tracker

Metasploit

ZDI

Google

OSVDB

{}