CVE-2018-25270

ThinkPHP 5.0.23 remote code execution via invokefunction: unauthenticated attackers can craft requests to index.php with malicious function parameters to execute arbitrary PHP code with application privileges. Impacted component is ThinkPHP 5.0.23 routing invokefunction pathway. CVSS metrics in t...