New Features

A ThinkPHP5 Plugin to Detect Remote Code Execution Vulnerability Added

Dec 13 2018

On December 10, 2018, the Alibaba Cloud Security emergency response center acknowledges that ThinkPHP released an official security update to fix a high-risk vulnerability.

Target customers: Web Application developers that use the ThinkPHP framework. Vulnerability overview: Due to the lack of controller filtering by the ThinkPHP5 framework (when the url_route_must parameter is not specified to true), hackers can circumvent security by generating malicious URL requests. The attack exploits web shells to invoke internal functions and gain unauthorized access to servers. Affected version: ThinkPHP 5.0.* and 5.1.*. Unaffected Version: ThinkPHP 5.0.23 and 5.1.31.

7th Gen ECS Is Now Available

Increase instance computing power by up to 40% and Fully equipped with TPM chips.
Powered by Third-generation Intel® Xeon® Scalable processors (Ice Lake).

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.