ThinkPHP in OpenBMS: CVE-2019-9082: ThinkPHP 5.0.23 Remote Code Execution
Severity | CVSS | Published | Added | Modified |
---|---|---|---|---|
9 | (AV:N/AC:M/Au:N/C:C/I:C/A:C) | Dec 10, 2018 | Feb 28, 2022 | May 3, 2022 |
Description
ThinkPHP before 3.2.4, as used in Open Source BMS v1.1.1 and other products, allows Remote Command Execution via public//?s=index/\think\app/invokefunction&function=call_user_func_array&vars[0]=system&vars[1][]= followed by the command.
Solution
thinkphp-upgrade-latest
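
Detection sketch for the request shape in the description. This is an added example, not part of the original advisory or of ThinkPHP. The combined access-log format, the function names and the sample lines are assumptions made for illustration, and PLACEHOLDER stands in for the command.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Route marker from the description; PHP class names are case-insensitive.
ROUTE_RE = re.compile(r"[\\/]think[\\/]app[\\/]invokefunction", re.I)
# Request line inside a combined-format access log entry (assumed log format).
REQUEST_RE = re.compile(r'"[A-Z]+ (\S+) HTTP/[\d.]+"')

def fully_unquote(value, rounds=3):
    """Percent-decode repeatedly so %5C and %255C both become a backslash."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def inspect_target(target):
    """Return triage details if the s= parameter routes to invokefunction, else None."""
    params = {}
    for key, val in parse_qsl(urlsplit(target).query, keep_blank_values=True):
        params.setdefault(fully_unquote(key), []).append(fully_unquote(val))
    if not any(ROUTE_RE.search(v) for v in params.get("s", [])):
        return None
    return {
        "function": params.get("function", [""])[0].lower(),
        "callback": params.get("vars[0]", [""])[0].lower(),
    }

def scan(lines):
    """Yield (line_number, details) for every matching access log line."""
    for number, line in enumerate(lines, 1):
        match = REQUEST_RE.search(line)
        details = inspect_target(match.group(1)) if match else None
        if details:
            yield number, details

# Constructed sample log lines (not real traffic).
SAMPLE_LOG = [
    r'198.51.100.7 - - [01/Mar/2022:10:00:01 +0000] "GET /public/?s=index/index/search&q=think HTTP/1.1" 200 512',
    r'198.51.100.7 - - [01/Mar/2022:10:00:02 +0000] "GET /public//?s=index/\think\app/invokefunction&function=call_user_func_array&vars[0]=system&vars[1][]=PLACEHOLDER HTTP/1.1" 200 64',
    r'198.51.100.7 - - [01/Mar/2022:10:00:03 +0000] "GET /public//?s=index/%255Cthink%255Capp/invokefunction&function=Call_User_Func_Array&vars%5B0%5D=system&vars%5B1%5D%5B%5D=PLACEHOLDER HTTP/1.1" 200 64',
]

if __name__ == "__main__":
    for number, details in scan(SAMPLE_LOG):
        print(number, details)
```

The check keys on the `s=` route rather than on `call_user_func_array`, so a request that names a different function is still flagged and the reported fields support triage.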
