CVE-2018-20062

CriticalKnown Exploited

An issue was discovered in NoneCms V1.3. thinkphp/library/think/App.php allows remote attackers to execute arbitrary PHP code via crafted…

mitre·NVD-CWE-noinfo·Published 2018-12-11

CVSS

9.8

EPSS

1.00

KEV

Yes

Exploits

cve.orgen

254 chars

An issue was discovered in NoneCms V1.3. thinkphp/library/think/App.php allows remote attackers to execute arbitrary PHP code via crafted use of the filter parameter, as demonstrated by the s=index/\think\Request/input&filter=phpinfo&data=1 query string.

NVDen

254 chars

NVDes

290 chars

Se ha descubierto un problema en NoneCms V1.3. thinkphp/library/think/App.php permite que atacantes remotos ejecuten código PHP arbitrario mediante el uso manipulado el parámetro filter, tal y como queda demostrado con la cadena de consulta s=index/\think\Request/inputfilter=phpinfodata=1.

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
2.0	Primary	NVD	7.5	10.0	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P
3.1	Primary	cve.org	9.8	—	—	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
3.1	Primary	NVD	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
3.1	Primary	cve.org	9.8	—	—	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
3.1	Secondary	NVD	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H