A ThinkPHP5 Plugin to Detect Remote Code Execution Vulnerability Added
Dec 13 2018
Content
Target customers: Web application developers who use the ThinkPHP framework.

Vulnerability overview: Because the ThinkPHP5 framework does not adequately filter controller names (when the url_route_must parameter is not set to true), hackers can circumvent security by generating malicious URL requests. The attack exploits web shells to invoke internal functions and gain unauthorized access to servers.

Affected versions: ThinkPHP 5.0.* and 5.1.*.

Unaffected versions: ThinkPHP 5.0.23 and 5.1.31.
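
The version and configuration conditions above can be turned into a triage pass over an application inventory. This is an added example, not code from the plugin or the vendor: the function names, status labels and the inventory are constructed for illustration. It assumes that releases at or above the named fixed versions within each branch are also fixed.

```python
import re

# Fixed releases named in the advisory, keyed by (major, minor) branch.
FIXED = {(5, 0): (5, 0, 23), (5, 1): (5, 1, 31)}

def parse_version(text):
    """Return (major, minor, patch) as integers, or None if not x.y.z."""
    m = re.fullmatch(r"\s*v?(\d+)\.(\d+)\.(\d+)\s*", text)
    return tuple(int(p) for p in m.groups()) if m else None

def classify(version, url_route_must):
    """Classify one application (hypothetical helper).

    url_route_must is the value of that config key; None means the key
    is absent, which the advisory treats the same as "not true".
    """
    parsed = parse_version(version)
    if parsed is None:
        return "unknown-version"          # needs manual review
    fixed = FIXED.get(parsed[:2])
    if fixed is None:
        return "out-of-scope"             # branch not covered by the advisory
    # Integer tuples compare numerically, so 5.0.9 < 5.0.23 (a plain
    # string comparison would get this wrong).
    if parsed >= fixed:                   # assumption: later releases stay fixed
        return "fixed"
    if url_route_must is True:
        return "affected-forced-routing"  # still needs the upgrade
    return "affected-exposed"             # upgrade first

# Constructed sample inventory: (application, ThinkPHP version, url_route_must).
INVENTORY = [
    ("shop", "5.0.9", None),
    ("cms", "5.0.22", True),
    ("api", "5.1.31", False),
    ("blog", "5.1.4", False),
    ("legacy", "3.2.3", None),
    ("intranet", "5.0.x", None),
]

def triage(inventory):
    """Map each application name to its status."""
    return {name: classify(ver, route) for name, ver, route in inventory}

if __name__ == "__main__":
    for name, status in triage(INVENTORY).items():
        print(f"{name:10} {status}")
```
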