edit-icon download-icon

[Vulnerability notice] Getshell vulnerability resulting from the design defect of ThinkPHP caching functions

Last Updated: Apr 08, 2018

ThinkPHP is a lightweight PHP development framework that features simplicity, practicality, outstanding performance, and clear code. Chinese security researchers have detected a defect in the design of ThinkPHP caching functions in the use of cache. The defect allows a malicious user to implement remote Getshell and obtain the website administrator privilege, which poses security risks to the website application.

See the following for more information about the vulnerability.


CVE identifier

None

Vulnerability name

Getshell vulnerability resulting from the design defect of ThinkPHP caching functions

Vulnerability rating

Medium

Vulnerability description

When a user uses ThinkPHP 3.2.3–5.0.10 and the caching function is enabled, a remote attacker can use specially constructed data to remotely submit POST, trigger the vulnerability, and obtain website permissions.

Condition and method of exploitation

An attacker can remotely exploit this vulnerability when the caching function is enabled.

Affected scope

ThinkPHP 3.2.3-5.0.10

Vulnerability detection

Check whether ThinkPHP 3.2.3–5.0.10 are used and the caching function is enabled.

How to fix or mitigate

  • By default, the caching function is disabled for ThinkPHP. We recommend that you check whether the caching function is enabled. If you do not need to use the caching function, disable it temporarily to avoid risks.

  • If you use ThinkPHP 3.2, we recommend that you enable DATA_CACHE_KEY.

  • We recommend that you install and use the product based on official recommendations.

Thank you! We've received your feedback.