ThinkPHP Security Vulnerabilities
The fetch function in file thinkphp\library\think\Template.php in ThinkPHP 5.0.24 allows attackers to read arbitrary files via a crafted file path in a template value.
CVSS Score: 7.5 | EPSS Score: 0.0 | Published: 2025-11-20
The read function in file thinkphp\library\think\template\driver\File.php in ThinkPHP 5.0.24 contains a remote code execution vulnerability.
CVSS Score: 9.8 | EPSS Score: 0.003 | Published: 2025-11-20
An issue in thinkphp3 v.3.2.5 allows a remote attacker to execute arbitrary code via the index.php component.
CVSS Score: 9.8 | EPSS Score: 0.008 | Published: 2025-08-05
An issue in thinkphp v.5.1 allows a remote attacker to execute arbitrary code via the routecheck function.
CVSS Score: 9.8 | EPSS Score: 0.008 | Published: 2025-08-05
A deserialization vulnerability in the component \controller\Index.php of Thinkphp v6.1.3 to v8.0.4 allows attackers to execute arbitrary code.
CVSS Score: 9.8 | EPSS Score: 0.018 | Published: 2024-10-30
A deserialization vulnerability in Thinkphp v6.1.3 to v8.0.4 allows attackers to execute arbitrary code.
CVSS Score: 9.8 | EPSS Score: 0.817 | Published: 2024-09-09
ThinkPHP 8.0.3 allows remote attackers to exploit XSS due to inadequate filtering of function argument values in think_exception.tpl.
CVSS Score: 6.1 | EPSS Score: 0.001 | Published: 2024-05-04
ThinkPHP 6.0.0~6.0.13 and 6.1.0~6.1.1 contain a deserialization vulnerability. This vulnerability allows attackers to execute arbitrary code via a crafted payload.
CVSS Score: 9.8 | EPSS Score: 0.012 | Published: 2023-02-08
ThinkPHP Framework before 6.0.14 allows local file inclusion via the lang parameter when the language pack feature is enabled (lang_switch_on=true). An unauthenticated and remote attacker can exploit this to execute arbitrary operating system commands, as demonstrated by including pearcmd.php.
CVSS Score: 9.8 | EPSS Score: 0.901 | Published: 2022-12-23
ThinkPHP 5.1.41 and 5.0.24 have a code logic error that allows getshell via file upload.
CVSS Score: 8.8 | EPSS Score: 0.004 | Published: 2022-12-06

