CVE-2018-25270

CRITICAL

ThinkPHP 5.0.23 Remote Code Execution via invokefunction

Title source: cna

Description

ThinkPHP 5.0.23 contains a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary PHP code by invoking functions through the routing parameter. Attackers can craft requests to the index.php endpoint with malicious function parameters to execute system commands with application privileges.

Exploits (1)

exploitdb WORKING POC
by VulnSpy · text · webapps · php
https://www.exploit-db.com/exploits/45978

Scores

CVSS v3 9.8
EPSS 0.0018
EPSS Percentile 39.1%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-639
Status published
Products (2)
Thinkphp/ThinkPHP 5.0.23
Thinkphp/ThinkPHP 5.1.31
Published Apr 22, 2026
Tracked Since Apr 22, 2026