11 matches found
EUVD-2022-2172
Malicious code in bioql PyPI...
Arbitrary Code Execution (ACE)
topthink/framework is vulnerable to Remote Code Execution (RCE). The vulnerability is due to improper input handling in the routecheck function, which allows an attacker to execute arbitrary code remotely...
Sensitive Information Disclosure
topthink/framework is vulnerable to Sensitive Information Disclosure. The vulnerability is due to improper handling of error messages, which can reveal the PHPSESSION cookie through debug error output source code when a crafted URI is used in a GET request...
Remote Code Execution (RCE)
topthink/framework is vulnerable to remote execution. The vulnerability exists because the lang parameter is not properly validated, which allows a remote attacker to inject and execute arbitrary commands...
Deserialization of Untrusted Data in topthink/framework
ThinkPHP v6.0.12 was discovered to contain a deserialization vulnerability via the component vendor\league\flysystem-cached-adapter\src\Storage\AbstractCache.php. This vulnerability allows attackers to execute arbitrary code via a crafted payload...
Deserialization Of Untrusted Data
topthink/framework is vulnerable to deserialization of untrusted data. The vulnerability exists in the unserialize function in Driver.php due to the use of a string type as the method parameter, which allows an attacker to control the state or the flow of the execution...
GHSA-3FPV-54FF-WQFJ Deserialization of Untrusted Data in topthink/framework
The package topthink/framework before version 6.0.12 is vulnerable to Deserialization of Untrusted Data due to insecure unserialize method in the Driver class...
Deserialization of Untrusted Data in topthink/framework
The package topthink/framework before version 6.0.12 is vulnerable to Deserialization of Untrusted Data due to insecure unserialize method in the Driver class...
Deserialization of untrusted data
The package topthink/framework before 6.0.12 is vulnerable to Deserialization of Untrusted Data due to insecure unserialize method in the Driver class...
CVE-2021-23592 Deserialization of Untrusted Data
The package topthink/framework before 6.0.12 is vulnerable to Deserialization of Untrusted Data due to insecure unserialize method in the Driver class...
Deserialization of Untrusted Data
Overview: topthink/framework is the ThinkPHP Framework. Affected versions of this package are vulnerable to Deserialization of Untrusted Data due to insecure unserialize method in the Driver class. Details: Serialization is a process of converting an object into a sequence of bytes which can be...