CVE-2018-20062

CRITICAL KEV NUCLEI

NoneCms V1.3 - RCE

Title source: llm

Description

An issue was discovered in NoneCms V1.3. thinkphp/library/think/App.php allows remote attackers to execute arbitrary PHP code via crafted use of the filter parameter, as demonstrated by the s=index/\think\Request/input&filter=phpinfo&data=1 query string.

Exploits (5)

nomisec SCANNER 6 stars

by NS-Sp4ce · remote

https://github.com/NS-Sp4ce/thinkphp5.XRce

View Code ZIP pw:eip

nomisec WORKING POC 2 stars

by shenhui35 · poc

https://github.com/shenhui35/RedArrow

View Code ZIP pw:eip

nomisec WORKING POC 2 stars

by yilin1203 · remote

https://github.com/yilin1203/CVE-2018-20062

View Code ZIP pw:eip

metasploit WORKING POC EXCELLENT

by wvu · rubypocunix

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/unix/webapp/thinkphp_rce.rb

View Code ZIP pw:eip

exploitdb WORKING POC

rubyremotelinux

https://www.exploit-db.com/exploits/48333

View on exploitdb

Nuclei Templates (1)

ThinkPHP 5.0.23 - Remote Code Execution

CRITICALVERIFIEDby dr_set

FOFA: app="ThinkPHP"

References (3)

[Exploit, Third Party Advisory, VDB Entry] http://packetstormsecurity.com/files/157218/ThinkPHP-5.0.23-Remote-Code-Execution.html

[Exploit, Third Party Advisory] https://github.com/nangge/noneCms/issues/21

[US Government Resource] https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-20062

Scores

CVSS v3 9.8

EPSS 0.9431

EPSS Percentile 99.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitation Intel

CISA KEV 2021-11-03

VulnCheck KEV 2019-06-12

InTheWild.io 2021-07-23

ENISA EUVD EUVD-2018-12637

Classification

Status published

Affected Products (1)

5none/nonecms

Timeline

Published Dec 11, 2018

KEV Added Nov 03, 2021

Tracked Since Feb 18, 2026