ThinkPHP v5.0.22/5.1.29 Remote Code Execution Vulnerability

Description
  • ThinkPHP is a widely used PHP development framework in China.

    In ThinkPHP versions <= v5.0.22/5.1.29, the framework processes the controller name incorrectly, allowing an attacker to execute any framework function and resulting in an RCE (Remote Code Execution) vulnerability.
Remediation
  • Upgrade to the latest version of ThinkPHP.