8 matches found
Untrusted Object Deserialisation
topthink/think is vulnerable to untrusted object deserialisation. The vulnerability exists in the AbstractCache function in CacheStore.php which allows an attacker to inject and execute arbitrary code via a crafted payload...
CVE-2022-33107
ThinkPHP v6.0.12 was discovered to contain a deserialization vulnerability via the component vendor\league\flysystem-cached-adapter\src\Storage\AbstractCache.php. This vulnerability allows attackers to execute arbitrary code via a crafted payload...
GHSA-QRVJ-274H-HFCG Deserialization of Untrusted Data in topthink/framework
ThinkPHP v6.0.8 was discovered to contain a deserialization vulnerability via the component League\Flysystem\Cached\Storage\AbstractCache...
CVE-2021-36567
ThinkPHP v6.0.8 was discovered to contain a deserialization vulnerability via the component League\Flysystem\Cached\Storage\AbstractCache...
CVE-2021-36567
ThinkPHP v6.0.8 was discovered to contain a deserialization vulnerability via the component League\Flysystem\Cached\Storage\AbstractCache...
Deserialization of untrusted data
ThinkPHP v6.0.8 was discovered to contain a deserialization vulnerability via the component League\Flysystem\Cached\Storage\AbstractCache...
CVE-2021-36567
ThinkPHP v6.0.8 was discovered to contain a deserialization vulnerability via the component League\Flysystem\Cached\Storage\AbstractCache...
CVE-2021-36567
ThinkPHP v6.0.8 contains a deserialization vulnerability in the League\Flysystem\Cached\Storage\AbstractCache component. Affected software: ThinkPHP v6.0.8. Root cause: deserialization vulnerability in the specified cache storage AbstractCache. Impact (per NVD): CVSS v3.1 base score 9.8 (CRITICAL...