vulnerability

ThinkPHP in OpenBMS: CVE-2019-9082: ThinkPHP 5.0.23 Remote Code Execution

Severity
9
CVSS
(AV:N/AC:M/Au:N/C:C/I:C/A:C)
Published
Dec 10, 2018
Added
Feb 28, 2022
Modified
May 3, 2022

Description

ThinkPHP before 3.2.4, as used in Open Source BMS v1.1.1 and other products, allows Remote Command Execution via public//?s=index/\think\app/invokefunction&function=call_user_func_array&vars[0]=system&vars[1][]= followed by the command.

Solution

thinkphp-upgrade-latest
Title
NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.