CVE Catalog
CVE-2024-44902
CriticalCVSS 9.8Exploitation Probability (EPSS)
High risk4.21%
90th percentile - higher than 90% of all known CVEs
Summary
A deserialization vulnerability in ThinkPHP versions 6.1.3 through 8.0.4 allows attackers to execute arbitrary code remotely. The issue stems from unsafe processing of input data during deserialization.
Risk Assessment
An attacker can take over the server, steal data, or install malware, compromising the confidentiality, integrity, and availability of the system.
Recommendation
Immediately update ThinkPHP to the latest available version that includes the security fix. Additionally, restrict access to the application and implement input validation mechanisms.
Original NVD description (English source)
A deserialization vulnerability in Thinkphp v6.1.3 to v8.0.4 allows attackers to execute arbitrary code.

