CVE-2024-48112

CRITICAL

Thinkphp < 8.0.4 - Insecure Deserialization

Title source: rule

Description

A deserialization vulnerability in the component \controller\Index.php of Thinkphp v6.1.3 to v8.0.4 allows attackers to execute arbitrary code.

References (2)

Scores

CVSS v3 9.8
EPSS 0.0178
EPSS Percentile 82.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Classification

CWE
CWE-502
Status published

Affected Products (2)

thinkphp/thinkphp < 8.0.4
topthink/thinkphp Packagist

Timeline

Published Oct 30, 2024
Tracked Since Feb 18, 2026