CVE-2018-20062

CVSS 9.8 CRITICAL · EPSS 99.5% · KEV
In short

NoneCms V1.3 allows attackers to run harmful code on the server by manipulating a filter parameter in the URL. This lets anyone take complete control of the website without needing special access.

Technical detail

Remote code execution vulnerability in NoneCms V1.3 via the unsanitized filter parameter handled in thinkphp/library/think/App.php. Attackers can inject arbitrary PHP code through crafted query strings that exploit insufficient input validation; the attack requires only network access to the vulnerable endpoint.

Summary generated and translated by AI from the official description.
An issue was discovered in NoneCms V1.3. thinkphp/library/think/App.php allows remote attackers to execute arbitrary PHP code via crafted use of the filter parameter, as demonstrated by the s=index/\think\Request/input&filter=phpinfo&data=1 query string.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected products
n/a · n/a
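
A defender-side check for the request pattern in the description above, as an added example that is not from the advisory or from the NoneCms or ThinkPHP projects: it scans access-log lines for an s route parameter that carries a namespace backslash, with or without filter. The log lines are constructed, and the rule that legitimate routes never contain a backslash is an assumption to validate against your own application.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Constructed sample access-log lines (combined format), not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Dec/2018:10:00:01 +0000] "GET /index.php?s=index/index/index HTTP/1.1" 200 512',
    '203.0.113.9 - - [10/Dec/2018:10:00:02 +0000] "GET /index.php?s=index/%5Cthink%5CRequest/input&filter=phpinfo&data=1 HTTP/1.1" 200 90211',
    '198.51.100.4 - - [10/Dec/2018:10:00:03 +0000] "GET /?S=index/%255Cthink%255CRequest/input&filter=phpinfo&data=1 HTTP/1.1" 200 90211',
    '198.51.100.8 - - [10/Dec/2018:10:00:04 +0000] "GET /search?filter=price&s=shoes HTTP/1.1" 200 1033',
]

REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (?P<target>\S+) HTTP/[\d.]+"')

def decode_fully(value, max_rounds=3):
    """Undo repeated percent-encoding, e.g. %255C -> %5C -> backslash."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def classify(target):
    """Return a reason string if the request target matches the pattern, else None."""
    query = urlsplit(target).query
    params = {key.lower(): [decode_fully(v) for v in values]
              for key, values in parse_qs(query, keep_blank_values=True).items()}
    # Assumption: a normal route is module/controller/action and needs no
    # backslash; a backslash means a fully qualified PHP class was requested.
    namespaced = [route for route in params.get("s", []) if "\\" in route]
    if not namespaced:
        return None
    if "filter" in params:
        return f"namespaced route {namespaced[0]!r} with filter={params['filter'][0]!r}"
    return f"namespaced route {namespaced[0]!r}"

def scan(lines):
    """Return (line_number, reason) for every log line that matches."""
    hits = []
    for number, line in enumerate(lines, 1):
        match = REQUEST_RE.search(line)
        reason = classify(match.group("target")) if match else None
        if reason:
            hits.append((number, reason))
    return hits

if __name__ == "__main__":
    for number, reason in scan(SAMPLE_LOG):
        print(f"line {number}: {reason}")
```

A hit shows that the request was made, not that it succeeded; compare the response status and size against the host's normal traffic before treating it as a compromise.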
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
