Lucene search
China National Vulnerability DatabaseCNVD-2022-63888HistoryJul 01, 2022 - 12:00 a.m.
ThinkPHP deserialization vulnerability
2022-07-0100:00:00
China National Vulnerability Database
www.cnvd.org.cn
7
0.002 Low
EPSS
Percentile
58.4%
ThinkPHP is a PHP-based, open-source, lightweight web application development framework from China Top Thinking Information Technology. thinkPHP v6.0.12 version has a deserialization vulnerability, which originates from the component vendorleagueflysystem-cached- adaptersrcStorageAbstractCache.php in receiving unsafe deserialization of serialized data submitted by the user. An attacker could exploit this vulnerability to execute arbitrary code via a carefully crafted payload.
| CPE | Name | Operator | Version |
|---|---|---|---|
| δΈε½ι‘Άζ³δΏ‘ζ―η§ζε ¬εΈ thinkphp v | eq | 6.0.12 |
Related
cve
cve
CVE-2022-33107
2022-06-29 12:15:07
osv
osv
Deserialization of Untrusted Data in topthink/framework
2022-06-30 00:00:41
CVE-2022-33107
2022-06-29 12:15:07
cvelist
cvelist
CVE-2022-33107
2022-06-29 11:38:41
nvd
nvd
CVE-2022-33107
2022-06-29 12:15:07
veracode
veracode
Untrusted Object Deserialisation
2022-06-30 09:55:11
prion
prion
Deserialization of untrusted data
2022-06-29 12:15:00
github
github
Deserialization of Untrusted Data in topthink/framework
2022-06-30 00:00:41