H3-2025-0049¶

Thinkphp Remote Code Execution Vulnerability

Description¶

A critical vulnerability in ThinkPHP, a popular PHP framework, allows attackers to execute arbitrary code remotely by manipulating the 's' parameter.

Impact¶

If exploited, this vulnerability permits attackers to execute arbitrary code on servers using ThinkPHP 5.x, potentially resulting in full server compromise.

References¶

• Detailed introduction to the s() method in thinkphp
• ThinkPHP 5.X - Remote Command Execution
• Threat Actors Rapidly Adopt New ThinkPHP RCE