vulnerability

ThinkPHP in OpenBMS: CVE-2019-9082: ThinkPHP 5.0.23 Remote Code Execution

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
9	(AV:N/AC:M/Au:N/C:C/I:C/A:C)	2018-12-10	2022-02-28	2022-05-03

Severity

CVSS

(AV:N/AC:M/Au:N/C:C/I:C/A:C)

Published

2018-12-10

Added

2022-02-28

Modified

2022-05-03

Description

ThinkPHP before 3.2.4, as used in Open Source BMS v1.1.1 and other products, allows Remote Command Execution via public//?s=index/\think\app/invokefunction&function=call_user_func_array&vars[0]=system&vars[1][]= followed by the command.

Solution

thinkphp-upgrade-latest

References

CVE-2019-9082
https://attackerkb.com/topics/CVE-2019-9082

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today