CVE-2024-44902

A deserialization vulnerability in Thinkphp v6.1.3 to v8.0.4 allows attackers to execute arbitrary code.
References
Link Resource
http://thinkphp.com Product
https://github.com/fru1ts/CVE-2024-44902 Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:thinkphp:thinkphp:*:*:*:*:*:*:*:*

History

20 Sep 2024, 14:55

Type Values Removed Values Added
First Time Thinkphp thinkphp
Thinkphp
CPE cpe:2.3:a:thinkphp:thinkphp:*:*:*:*:*:*:*:*
References () http://thinkphp.com - () http://thinkphp.com - Product
References () https://github.com/fru1ts/CVE-2024-44902 - () https://github.com/fru1ts/CVE-2024-44902 - Third Party Advisory

10 Sep 2024, 20:35

Type Values Removed Values Added
CWE CWE-502
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 9.8

10 Sep 2024, 12:09

Type Values Removed Values Added
Summary
  • (es) Una vulnerabilidad de deserialización en Thinkphp v6.1.3 a v8.0.4 permite a los atacantes ejecutar código arbitrario.

09 Sep 2024, 20:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-09-09 20:15

Updated : 2024-09-20 14:55


NVD link : CVE-2024-44902

Mitre link : CVE-2024-44902

CVE.ORG link : CVE-2024-44902


JSON object : View

Products Affected

thinkphp

  • thinkphp
CWE
CWE-502

Deserialization of Untrusted Data