Tag: thinkphp
All the articles with the tag "thinkphp".
- [CVE-2025-63889] ThinkPHP 5.0.24 Lets Attackers Read Any File on the Server
  A directory traversal flaw in ThinkPHP’s template engine allows unauthenticated users to pull arbitrary files, including configuration secrets, straight from disk.
- [CVE-2025-63888] ThinkPHP 5.0.24 Template File Inclusion Drops a Remote Shell
  A path-traversal flaw in ThinkPHP’s File template driver lets unauthenticated attackers include arbitrary files and execute embedded PHP. Proof-of-concept code is public and exploitation requires only the ability to upload a file.
- [CVE-2025-50707] ThinkPHP 3 File Inclusion Lets Attackers Execute Arbitrary Code
  A template-handling flaw in ThinkPHP 3.2.5 lets remote users include and run server-side files without authentication, leading to full remote code execution.
- [CVE-2025-50706] From Local File Inclusion to Remote Code Execution in ThinkPHP 5.1
  A flaw in ThinkPHP 5.1 lets unauthenticated attackers include arbitrary files, pivoting to full code execution on the web server. Because ThinkPHP backs many Chinese-language CMS and e-commerce platforms, the blast radius is wide.