CVE-2019-9082 - ThinkPHP Remote Code Execution Vulnerability

Vulnerability Name

ThinkPHP Remote Code Execution Vulnerability

Description

ThinkPHP contains an unspecified vulnerability that allows for remote code execution via public//?s=index/\think\app/invokefunction&function=call_user_func_array&vars[0]=system&vars[1][]= followed by the command.

Known To Be Used in Ransomware Campaigns?

Unknown

Action

Apply updates per vendor instructions.

Additional Notes

https://nvd.nist.gov/vuln/detail/CVE-2019-9082

Related News Articles

Hackers target SSRF bugs in EC2-hosted sites to steal AWS credentialsApril 10, 2025

Hackers exploit 2018 ThinkPHP flaws to install ‘Dama’ web shellsJune 7, 2024