CVE-2024-44902

This repository provides a functional exploit for CVE-2024-44902, a deserialization vulnerability in ThinkPHP v6.1.3 to v8.0.4. It includes a detailed payload generation script and demonstrates how to achieve RCE by exploiting the Memcached driver's deserialization chain.

This repository provides a fully functional Dockerized environment for CVE-2024-44902, a critical insecure deserialization vulnerability in ThinkPHP 6.1.3-8.0.4. It includes vulnerable endpoints (`/api/sync` and `/api/import`) that directly unserialize user-controlled input, enabling RCE when the Memcached extension is present.