CVE-2019-9082
ThinkPHP Remote Code Execution Vulnerability
- Public Exploits: 6
- Exploited in Wild: Yes
Descriptions
ThinkPHP before 3.2.4, as used in Open Source BMS v1.1.1 and other products, allows Remote Command Execution via public//?s=index/\think\app/invokefunction&function=call_user_func_array&vars[0]=system&vars[1][]= followed by the command.
zzzphp CMS version 1.6.1 suffers from a cross site request forgery vulnerability.
ThinkPHP contains an unspecified vulnerability that allows for remote code execution via public//?s=index/\think\app/invokefunction&function=call_user_func_array&vars[0]=system&vars[1][]= followed by the command.
Timeline
- 2019-02-24 CVE Reserved
- 2019-02-24 CVE Published
- 2019-03-04 First Exploit
- 2021-11-03 Exploited in Wild
- 2022-05-03 KEV Due Date
- 2024-08-04 CVE Updated
- 2025-01-03 EPSS Updated
CWE
- CWE-94: Improper Control of Generation of Code ('Code Injection')
- CWE-306: Missing Authentication for Critical Function
References (8)
URL | Tag | Source |
---|---|---|
https://github.com/vulhub/vulhub/tree/master/thinkphp/5-rce | | |
https://github.com/vulhub/vulhub/tree/master/thinkphp/5.0.23-rce | | |
URL | Date | SRC |
---|---|---|
https://packetstorm.news/files/id/151967 | 2019-03-04 | |
https://packetstorm.news/files/id/157218 | 2020-04-14 | |
https://www.exploit-db.com/exploits/48333 | 2020-04-16 | |
https://www.exploit-db.com/exploits/46488 | 2024-08-04 | |
http://packetstormsecurity.com/files/157218/ThinkPHP-5.0.23-Remote-Code-Execution.html | 2024-08-04 | |
https://github.com/xiayulei/open_source_bms/issues/33 | 2024-08-04 | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Thinkphp | Thinkphp | < 3.2.4 | - | Affected |
Opensourcebms | Open Source Background Management System | 1.1.1 | - | Affected |
Zzzcms | Zzzphp | 1.6.1 | - | Affected |