CVE-2018-20062
CVE-2018-20062
Vexday Risk Score
100Fix now
SSVC decision (CISA)
Act
Exploitation + impact → act immediately
CVSS 9.8EPSS 99.5%KEV simPoC públicaNuclei simMetasploit simPatch —
Lifecycle
10 Dec 2018Metasploit module available
11 Dec 2018Published on NVD
17 Mar 2019Public PoC
03 Nov 2021Active exploitation (CISA KEV)
Recommendation: Patch as soon as possible — active exploitation confirmed.
In short
NoneCms V1.3 allows attackers to run harmful code on the server by manipulating a filter parameter in the URL. This lets anyone take complete control of the website without needing special access.
Technical detail
Remote code execution vulnerability in NoneCms V1.3 via unsanitized filter parameter in thinkphp/library/think/App.php. Attackers can inject arbitrary PHP code through crafted query strings exploiting insufficient input validation, requiring only network access to the vulnerable endpoint.
Summary generated and translated by AI from the official description.
An issue was discovered in NoneCms V1.3. thinkphp/library/think/App.php allows remote attackers to execute arbitrary PHP code via crafted use of the filter parameter, as demonstrated by the s=index/\think\Request/input&filter=phpinfo&data=1 query string.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected products
n/a · n/apublic PoCs found — 5
githubgithub.com/NS-Sp4ce/thinkphp5.XRce★ 6githubgithub.com/yilin1203/CVE-2018-20062★ 2githubgithub.com/shenhui35/RedArrow★ 2cve_referencepacketstormsecurity.com/files/157218/ThinkPHP-5.0.23-Remote-Code-Execution.htmlunverifiedexploitdbwww.exploit-db.com/exploits/48333unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →