On December 9th, 2018, ThinkPHP released the latest security update that addressing a vulnerability of remote code execution.The vulnerability was caused by the framework's insufficient checks on controller names in case forced routing is not enabled. Eventually, GetShell vulnerability in the server may be exploited by hackers, affecting ThinkPHP 5.0, ThinkPHP 5.1 versions. Although it is not hard to exploit the vulnerability, the impact could be destructive.
Date Published:2018-12-22 Read More >>
Security Event More>>
- 2018-12-22 [Alert] Remote Code Execution Vulnerability in Multiple ThinkPHP 5 Versions
- 2018-10-24 [Alert] WebLogic Java Deserialization Vulnerability (CVE-2018-3245)
- 2018-09-19 [Alert] New Remote Code Execution Vulnerability in All ECShop Products
- 2018-08-24 Struts2 Remote Code Execution Vulnerability (S2-057)
- 2018-07-25 [Alert] WebLogic Deserialization Vulnerability CVE-2018-2893
- 2019-01-11 OrangeForum 1.4.0 Open Redirection
- 2019-01-11 BlogEngine 3.3 XML External Entity Injection
- 2019-01-11 PEAR Archive_Tar PHP Object Injection
- 2019-01-10 Mantis 2.11.1 Cross Site Scripting
- 2019-01-10 IBM API Connect CVE-2018-1932 Information Disclosure Vulnerability
Third-Party Anti-Malware Software
Check if your network is infected with virus.