On December 9th, 2018, ThinkPHP released the latest security update that addressing a vulnerability of remote code execution.The vulnerability was caused by the framework's insufficient checks on controller names in case forced routing is not enabled. Eventually, GetShell vulnerability in the server may be exploited by hackers, affecting ThinkPHP 5.0, ThinkPHP 5.1 versions. Although it is not hard to exploit the vulnerability, the impact could be destructive.
Date Published:2018-12-22