Boletines de Vulnerabilidades

ThinkPHP 5.x Remote Code Execution

Información sobre el sistema
   
Software afectado Wordpress

Descripción
http://feedproxy.google.com/~r/sucuri/blog/~3/zwipU_PCCcw/thinkphp-5-x-remote-code-execution.html Earlier this year, we noticed an increase in attacks aiming at ThinkPHP, which is a PHP framework that is very popular in Asia. If you keep track of your site’s activity, the following log may look familiar: POST: /index.php?s=captcha HTTP/1.1 Data: _method=__construct&filter[]=system&method=get&server[REQUEST_METHOD]=uname&ipconfig In December 2018, a working exploit was

More info:

http://feedproxy.google.com/~r/sucuri/blog/~3/zwipU_PCCcw/thinkphp-5-x-remote-code-execution.html

Identificadores estándar
Propiedad Valor
CVE

Histórico de versiones
Versión Comentario Fecha
1.0 Advisory issued 2019-04-19

Miembros de

CERT
FIRST
TF-CSIRT
EGC Group
UE
Red Nacional de SOC
Foro Nacional de Ciberseguridad
CSIRT.es
Ministerio de Defensa
CNI
CCN
CCN-CERT