CVE-2019-9082
HIGH · KEV · NUCLEI
ThinkPHP < 3.2.4 - Missing Authentication
Title source: ruleDescription
ThinkPHP before 3.2.4, as used in Open Source BMS v1.1.1 and other products, allows Remote Command Execution via public//?s=index/\think\app/invokefunction&function=call_user_func_array&vars[0]=system&vars[1][]= followed by the command.
Exploits (2)
exploitdb
WORKING POC
VERIFIED
by Metasploit · ruby · remote · linux
https://www.exploit-db.com/exploits/48333
Nuclei Templates (1)
ThinkPHP < 3.2.4 - Remote Code Execution
HIGH · VERIFIED · by 0xanis
FOFA:
app="ThinkPHP"
References (4)
Scores
CVSS v3
8.8
EPSS
0.9425
EPSS Percentile
99.9%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Details
CISA KEV
2021-11-03
VulnCheck KEV
2019-01-13
InTheWild.io
2021-07-23
ENISA EUVD
EUVD-2019-18467
CWE
CWE-306
CWE-94
Status
published
Products (3)
opensourcebms/open_source_background_management_system
1.1.1
thinkphp/thinkphp
< 3.2.4
zzzcms/zzzphp
1.6.1
Published
Feb 24, 2019
KEV Added
Nov 03, 2021
Tracked Since
Feb 18, 2026