CVE Catalog

CVE-2024-44902

CriticalCVSS 9.8
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

High risk
4.21%

90th percentile - higher than 90% of all known CVEs

Summary

A deserialization vulnerability in ThinkPHP versions 6.1.3 through 8.0.4 allows attackers to execute arbitrary code remotely. The issue stems from unsafe processing of input data during deserialization.

Risk Assessment

An attacker can take over the server, steal data, or install malware, compromising the confidentiality, integrity, and availability of the system.

Recommendation

Immediately update ThinkPHP to the latest available version that includes the security fix. Additionally, restrict access to the application and implement input validation mechanisms.

Original NVD description (English source)

A deserialization vulnerability in Thinkphp v6.1.3 to v8.0.4 allows attackers to execute arbitrary code.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS