Thinkphp

Thinkphp

24 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
9.8

CVE-2025-50707

Exploit
  • EPSS 0.6%
  • Published 05.08.2025 15:15:30
  • Last modified 14.08.2025 16:08:15

An issue in thinkphp3 v.3.2.5 allows a remote attacker to execute arbitrary code via the index.php component

9.8

CVE-2025-50706

Exploit
  • EPSS 0.6%
  • Published 05.08.2025 15:15:29
  • Last modified 14.08.2025 16:08:26

An issue in thinkphp v.5.1 allows a remote attacker to execute arbitrary code via the routecheck function

9.8

CVE-2024-48112

Exploit
  • EPSS 2.01%
  • Published 30.10.2024 21:15:14
  • Last modified 17.06.2025 15:38:05

A deserialization vulnerability in the component \controller\Index.php of Thinkphp v6.1.3 to v8.0.4 allows attackers to execute arbitrary code.

9.8

CVE-2024-44902

  • EPSS 72.64%
  • Published 09.09.2024 20:15:05
  • Last modified 20.09.2024 14:55:38

A deserialization vulnerability in Thinkphp v6.1.3 to v8.0.4 allows attackers to execute arbitrary code.

6.1

CVE-2024-34467

Exploit
  • EPSS 0.05%
  • Published 04.05.2024 20:15:07
  • Last modified 17.06.2025 15:02:34

ThinkPHP 8.0.3 allows remote attackers to exploit XSS due to inadequate filtering of function argument values in think_exception.tpl.

9.8

CVE-2022-45982

Exploit
  • EPSS 0.97%
  • Published 08.02.2023 21:15:10
  • Last modified 25.03.2025 14:15:18

thinkphp 6.0.0~6.0.13 and 6.1.0~6.1.1 contains a deserialization vulnerability. This vulnerability allows attackers to execute arbitrary code via a crafted payload.

9.8

CVE-2022-47945

Exploit
  • EPSS 90.62%
  • Published 23.12.2022 21:15:09
  • Last modified 15.04.2025 14:15:39

ThinkPHP Framework before 6.0.14 allows local file inclusion via the lang parameter when the language pack feature is enabled (lang_switch_on=true). An unauthenticated and remote attacker can exploit this to execute arbitrary operating system command...

8.8

CVE-2022-44289

Exploit
  • EPSS 0.16%
  • Published 06.12.2022 16:15:11
  • Last modified 23.04.2025 15:15:52

Thinkphp 5.1.41 and 5.0.24 has a code logic error which causes file upload getshell.

9.8

CVE-2022-38352

Exploit
  • EPSS 4.27%
  • Published 15.09.2022 02:15:09
  • Last modified 21.11.2024 07:16:18

ThinkPHP v6.0.13 was discovered to contain a deserialization vulnerability via the component League\Flysystem\Cached\Storage\Psr6Cache. This vulnerability allows attackers to execute arbitrary code via a crafted payload.

9.8

CVE-2022-33107

Exploit
  • EPSS 24.57%
  • Published 29.06.2022 12:15:07
  • Last modified 21.11.2024 07:07:33

ThinkPHP v6.0.12 was discovered to contain a deserialization vulnerability via the component vendor\league\flysystem-cached-adapter\src\Storage\AbstractCache.php. This vulnerability allows attackers to execute arbitrary code via a crafted payload.