ThinkPHP is a lightweight PHP development framework that features simplicity, practicality, outstanding performance, and clear code. Chinese security researchers have detected a defect in the design of ThinkPHP caching functions in the use of cache. The defect allows a malicious user to implement remote Getshell and obtain the website administrator privilege, which poses security risks to the website application.
See the following for more information about the vulnerability.
Getshell vulnerability resulting from the design defect of ThinkPHP caching functions
When a user uses ThinkPHP 3.2.3–5.0.10 and the caching function is enabled, a remote attacker can use specially constructed data to remotely submit POST, trigger the vulnerability, and obtain website permissions.
Condition and method of exploitation
An attacker can remotely exploit this vulnerability when the caching function is enabled.
Check whether ThinkPHP 3.2.3–5.0.10 are used and the caching function is enabled.
How to fix or mitigate
By default, the caching function is disabled for ThinkPHP. We recommend that you check whether the caching function is enabled. If you do not need to use the caching function, disable it temporarily to avoid risks.
If you use ThinkPHP 3.2, we recommend that you enable DATA_CACHE_KEY.
We recommend that you install and use the product based on official recommendations.