
825 matches found

Github Security Blog
added 2024/09/09 9:31 p.m. | 31 views

ThinkPHP deserialization vulnerability

A deserialization vulnerability in Thinkphp v6.1.3 to v8.0.4 allows attackers to execute arbitrary code...

9.8 CVSS | 7.8 AI score | 0.04296 EPSS
Exploits: 1 | References: 4 | Affected Software: 1

NVD
added 2024/09/09 8:15 p.m. | 18 views

CVE-2024-44902

A deserialization vulnerability in Thinkphp v6.1.3 to v8.0.4 allows attackers to execute arbitrary code...

9.8 CVSS | 0.04296 EPSS
Exploits: 1 | References: 2

OSV
added 2024/09/09 8:15 p.m. | 17 views

CVE-2024-44902

A deserialization vulnerability in Thinkphp v6.1.3 to v8.0.4 allows attackers to execute arbitrary code...

9.8 CVSS | 7.8 AI score | 0.04296 EPSS
Exploits: 1 | References: 2

Cvelist
added 2024/09/09 12:0 a.m. | 17 views

CVE-2024-44902

A deserialization vulnerability in Thinkphp v6.1.3 to v8.0.4 allows attackers to execute arbitrary code...

0.04296 EPSS
Exploits: 1 | References: 2

Vulnrichment
added 2024/09/09 12:0 a.m. | 28 views

CVE-2024-44902

A deserialization vulnerability in Thinkphp v6.1.3 to v8.0.4 allows attackers to execute arbitrary code...

7.8 AI score | 0.04296 EPSS
Exploits: 1 | References: 2

CNNVD
added 2024/09/09 12:0 a.m. | 3 views

ThinkPHP Security Vulnerability

Top Think Information Technology ThinkPHP is a PHP-based, open source, lightweight web application development framework from China's Top Think Information Technology. A security vulnerability exists in ThinkPHP versions v6.1.3 through v8.0.4, which stems from the presence of a deserialization...

9.8 CVSS | 7.1 AI score | 0.04296 EPSS
Exploits: 1 | References: 3

CVE
added 2024/09/09 12:0 a.m. | 64 views

CVE-2024-44902

ThinkPHP 6.1.3–8.0.4 is vulnerable to insecure deserialization that leads to remote code execution when the Memcached PHP extension is installed. The exploit chain described in the connected exploit document involves deserializing user input via unserialize() through internal classes: ResourceReg...

9.8 CVSS | 7.3 AI score | 0.04296 EPSS
In wild | Exploits: 1 | References: 2 | Affected Software: 1

CNNVD
added 2024/08/29 12:0 a.m. | 4 views

bjyadmin Security Vulnerability

bjyadmin is an integrated application based on ThinkPHP extensions by the individual developer baijunyao. A security vulnerability exists in bjyadmin version a560fd5, which stems from the presence of a cross-site scripting (XSS) vulnerability via Public/statics/umeditor123/php/imageUp.php...

6.1 CVSS | 5.8 AI score | 0.00329 EPSS
Exploits: 1 | References: 3

VulnCheck KEV
added 2024/07/15 12:0 a.m. | 2 views

VulnCheck KEV: CVE-2021-44892

A Remote Code Execution (RCE) vulnerability exists in ThinkPHP 3.x.x via valuefilename in index.php, which could let a malicious user obtain server control privileges...

8.8 CVSS | 5.9 AI score | 0.01893 EPSS
Exploits: 1 | References: 1

CNNVD
added 2024/07/09 12:0 a.m. | 6 views

vaeThink Security Vulnerabilities

vaeThink is a software application. Based on ThinkPHP5 and Layui development, while keeping the core concepts of rapid development and the road to simplicity unchanged, it provides basic development and encapsulation of the functions necessary for general projects, helping users to quickly comple...

5.4 CVSS | 5.9 AI score | 0.00284 EPSS
Exploits: 0 | References: 3

The Hacker News
added 2024/06/07 5:10 a.m. | 49 views

Commando Cat Cryptojacking Attacks Target Misconfigured Docker Instances

The threat actor known as Commando Cat has been linked to an ongoing cryptojacking attack campaign that leverages poorly secured Docker instances to deploy cryptocurrency miners for financial gain. "The attackers used the cmd.cat/chattr docker image container that retrieves the payload from their...

9.8 CVSS | 8.1 AI score | 0.9953 EPSS
Exploits: 9

Akamai Blog
added 2024/06/05 2:0 p.m. | 42 views

2024: Old CVEs, New Targets — Active Exploitation of ThinkPHP

...

7 AI score
Exploits: 0

The Hacker News
added 2024/05/30 2:24 p.m. | 41 views

RedTail Crypto-Mining Malware Exploiting Palo Alto Networks Firewall Vulnerability

The threat actors behind the RedTail cryptocurrency mining malware have added a recently disclosed security flaw impacting Palo Alto Networks firewalls to its exploit arsenal. The addition of the PAN-OS vulnerability to its toolkit has been complemented by updates to the malware, which now...

10 CVSS | 10 AI score | 0.99999 EPSS
Exploits: 449

OSV
added 2024/05/04 9:30 p.m. | 15 views

GHSA-969F-V7JV-PGJ3 ThinkPHP Cross-Site Scripting Vulnerability

ThinkPHP 8.0.3 allows remote attackers to exploit XSS due to inadequate filtering of function argument values in think_exception.tpl...

6.1 CVSS | 6 AI score | 0.00417 EPSS
Exploits: 1 | References: 6

Github Security Blog
added 2024/05/04 9:30 p.m. | 44 views

ThinkPHP Cross-Site Scripting Vulnerability

ThinkPHP 8.0.3 allows remote attackers to exploit XSS due to inadequate filtering of function argument values in think_exception.tpl...

6.1 CVSS | 5.7 AI score | 0.00417 EPSS
Exploits: 1 | References: 6 | Affected Software: 1

NVD
added 2024/05/04 8:15 p.m. | 11 views

CVE-2024-34467

ThinkPHP 8.0.3 allows remote attackers to exploit XSS due to inadequate filtering of function argument values in think_exception.tpl...

6.1 CVSS | 6.4 AI score | 0.00417 EPSS
Exploits: 1 | References: 1

OSV
added 2024/05/04 8:15 p.m. | 3 views

CVE-2024-34467

ThinkPHP 8.0.3 allows remote attackers to exploit XSS due to inadequate filtering of function argument values in think_exception.tpl...

6.1 CVSS | 6.3 AI score
Exploits: 0 | References: 1

CVE
added 2024/05/04 12:0 a.m. | 78 views

CVE-2024-34467

ThinkPHP 8.0.3 is affected by a cross‑site scripting (XSS) flaw caused by inadequate filtering of function argument values in think_exception.tpl. Remote attackers may exploit this to inject scripts; several sources also describe potential disclosure of the PHPSESSION cookie via error output. Red...

6.1 CVSS | 5.8 AI score | 0.00417 EPSS
Exploits: 1 | References: 1 | Affected Software: 1

CNNVD
added 2024/05/04 12:0 a.m. | 2 views

ThinkPHP Security Vulnerability

Top Think Information Technology ThinkPHP is a PHP-based, open source, lightweight web application development framework from China's Top Think Information Technology. A security vulnerability exists in ThinkPHP version 8.0.3, which originated from allowing remote attackers to discover the...

6.1 CVSS | 6.1 AI score | 0.00417 EPSS
Exploits: 1 | References: 2

Vulnrichment
added 2024/05/04 12:0 a.m. | 11 views

CVE-2024-34467

ThinkPHP 8.0.3 allows remote attackers to exploit XSS due to inadequate filtering of function argument values in think_exception.tpl...

6.1 AI score | 0.00417 EPSS
Exploits: 1 | References: 1