Tag: remote code execution
All the articles with the tag "remote code execution".
- [CVE-2025-63888] ThinkPHP 5.0.24 Template File Inclusion Drops a Remote Shell
A path-traversal flaw in ThinkPHP’s File template driver lets unauthenticated attackers include arbitrary files and execute embedded PHP. Proof-of-concept code is public and exploitation requires only the ability to upload a file.
- [CVE-2025-50707] ThinkPHP 3 File Inclusion Lets Attackers Execute Arbitrary Code
A template-handling flaw in ThinkPHP 3.2.5 lets remote users include and run server-side files without authentication, leading to full remote code execution.
- [CVE-2025-50706] From Local File Inclusion to Remote Code Execution in ThinkPHP 5.1
A flaw in ThinkPHP 5.1 lets unauthenticated attackers include arbitrary files, pivoting to full code execution on the web server. Because ThinkPHP backs many Chinese-language CMS and e-commerce platforms, the blast radius is wide.
- [CVE-2025-34039] Yonyou UFIDA NC BeanShell Servlet Hands Over Remote Code Execution
A forgotten BeanShell test servlet inside Yonyou UFIDA NC up to 6.5 lets unauthenticated users inject Java code and run operating-system commands. Although the framework is popular mainly in mainland China, many ERP deployments expose the vulnerable endpoint to the internet.