The version of ThinkPHP hosted on the remote web server allows an unauthenticated, remote attacker to execute arbitrary php code through multiple parameters.
Binary data thinkphp_rce.nbin
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20062
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9082
www.exploit-db.com/exploits/45978
www.exploit-db.com/exploits/48333