Tag: template injection

All the articles with the tag "template injection".

[CVE-2025-63888] ThinkPHP 5.0.24 Template File Inclusion Drops a Remote Shell

20 Nov, 2025

A path-traversal flaw in ThinkPHP’s File template driver lets unauthenticated attackers include arbitrary files and execute embedded PHP. Proof-of-concept code is public and exploitation requires only the ability to upload a file.

[CVE-2025-63888] ThinkPHP 5.0.24 Template File Inclusion Drops a Remote Shell