4 matches found
ThinkPHP - Multiple PHP Injection RCEs (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'ThinkPHP Multiple PHP Injection RCEs', 'Description' = %q This module exploits one of two PHP injection vulnerabilities in the ThinkPHP web...
VulnCheck KEV: CVE-2018-20062
ThinkPHP "noneCms" contains an unspecified vulnerability that allows for remote code execution through crafted use of the filter parameter...
CVE-2018-20062
creationtimestamp| type| source ---|---|--- 2019-01-18 14:45:48+00:00| exploited| https://t.me/SecLabNews/4058 2019-01-18 19:49:50+00:00| seen| MISP/5c422d7a-ef88-4ce7-ae90-75e20a021402 2019-02-06 01:53:29+00:00| seen| MISP/5c5a3d7b-ba70-474a-bd8a-1b5a0a021402 2020-04-13 14:35:55+00:00| seen|...
CVE-2018-20062
CVE-2018-20062 affects ThinkPHP/NoneCMS with remote code execution via crafted filter parameter in s=index/\think\Request/input&filter=phpinfo&data=1. Public sources in connected docs identify vulnerable versions as ThinkPHP <= 5.0.23 (and 5.1.x