CVE-2024-44902

CRITICAL EXPLOITED

Thinkphp 6.1.3-8.0.4 - Code Injection

Title source: llm
STIX 2.1

Description

A deserialization vulnerability in Thinkphp v6.1.3 to v8.0.4 allows attackers to execute arbitrary code.

Exploits (2)

nomisec WORKING POC 7 stars
by fru1ts · remote
https://github.com/fru1ts/CVE-2024-44902
nomisec WORKING POC
by KrE80r · poc
https://github.com/KrE80r/CVE-2024-44902-env

References (2)

Core 2
Core References

Scores

CVSS v3 9.8
EPSS 0.8412
EPSS Percentile 99.3%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable yes
Technical Impact total

Details

VulnCheck KEV 2025-12-08
CWE
CWE-502
Status published
Products (2)
thinkphp/thinkphp 6.1.3 - 8.0.4
topthink/framework 6.1.3Packagist
Published Sep 09, 2024
Tracked Since Feb 18, 2026