Actively exploited vulnerability

CVE-2019-9082: ThinkPHP Remote Code Execution Vulnerability

ThinkPHP contains an unspecified vulnerability that allows for remote code execution via public//?s=index/\think\app/invokefunction&function=call_user_func_array&vars[0]=system&vars[1][]= followed by the command.

CISA KEV source 3 Nov 2021 added 3 May 2022 remediation due

Affected product

ThinkPHP · ThinkPHP

Known ransomware use: Unknown

Required action

Follow the source advisory and validate exposure in your environment.

Apply updates per vendor instructions.

Related Yasna coverage

Recent reporting that mentions CVE-2019-9082.