CVSS: 10.0EPSS: 7%CPEs: 1EXPL: 1CVE-2022-47945
https://notcve.org/view.php?id=CVE-2022-47945
23 Dec 2022 — ThinkPHP Framework before 6.0.14 allows local file inclusion via the lang parameter when the language pack feature is enabled (lang_switch_on=true). An unauthenticated and remote attacker can exploit this to execute arbitrary operating system commands, as demonstrated by including pearcmd.php. • https://github.com/top-think/framework/commit/c4acb8b4001b98a0078eda25840d33e295a7f099 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.0EPSS: 0%CPEs: 2EXPL: 1CVE-2022-44289
https://notcve.org/view.php?id=CVE-2022-44289
06 Dec 2022 — Thinkphp 5.1.41 and 5.0.24 has a code logic error which causes file upload getshell. Thinkphp 5.1.41 y 5.0.24 tiene un error de lógica de código que provoca la carga del archivo getshell. • https://github.com/top-think/framework/issues/2772 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-23592 – Deserialization of Untrusted Data
https://notcve.org/view.php?id=CVE-2021-23592
06 May 2022 — The package topthink/framework before 6.0.12 are vulnerable to Deserialization of Untrusted Data due to insecure unserialize method in the Driver class. El paquete topthink/framework versiones anteriores a 6.0.12, es vulnerable a una Deserialización de Datos No Confiables debido al método no seguro unserialize en la clase Driver • https://github.com/top-think/framework/commit/d3b5aeae94bc71bae97977d05cd12c3e0550905c • CWE-502: Deserialization of Untrusted Data •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2018-18530
https://notcve.org/view.php?id=CVE-2018-18530
19 Oct 2018 — ThinkPHP 5.1.25 has SQL Injection via the count parameter because the library/think/db/Query.php aggregate function mishandles the aggregate variable. NOTE: a backquote character is required in the attack URI. ThinkPHP 5.1.25 tiene una inyección SQL mediante el parámetro count debido a que la función aggregate en library/think/db/Query.php gestiona de manera incorrecta la variable aggregate. NOTA: se requiere un carácter de acento grave en el URI del ataque. • https://www.kingkk.com/2018/10/Thinkphp-%E8%81%9A%E5%90%88%E6%9F%A5%E8%AF%A2%E6%BC%8F%E6%B4%9E/#ThinkPHP5-lt-5-1-25 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •