Rapid7 Vulnerability & Exploit Database

ThinkPHP in NoneCMS: CVE-2018-20062: ThinkPHP 5.0.23 Remote Code Execution

Free InsightVM Trial No Credit Card Necessary
Watch Demo See how it all works
Back to Search

ThinkPHP in NoneCMS: CVE-2018-20062: ThinkPHP 5.0.23 Remote Code Execution

Severity
9
CVSS
(AV:N/AC:L/Au:N/C:P/I:P/A:P)
Published
12/10/2018
Created
03/16/2022
Added
03/11/2022
Modified
05/03/2022

Description

An issue was discovered in NoneCms V1.3. thinkphp/library/think/App.php allows remote attackers to execute arbitrary PHP code via crafted use of the filter parameter, as demonstrated by the s=index/\think\Request/input&filter=phpinfo&data=1 query string.

This Metasploit module exploits one of two PHP injection vulnerabilities in the ThinkPHP web framework to execute code as the web user. Versions up to and including 5.0.23 are exploitable, though 5.0.23 is vulnerable to a separate vulnerability. The module will automatically attempt to detect the version of the software. Tested against versions 5.0.20 and 5.0.23 as can be found on Vulhub.

This check requires the Metasploit Remote Check Service to be enabled on Scan Engines. Please see the Metasploit Remote Check Service documentation for instructions on how to enable this functionality.

Solution(s)

  • thinkphp-upgrade-latest

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;