Skip to content

Access Control: ThinkPHP ⅔ - Remote Code Execution

Identifier: thinkphp_2_rce

Scanner(s) Support

GraphQL Scanner REST Scanner WebApp Scanner ASM Scanner

Description

ThinkPHP 2.x and 3.0 in Lite mode are susceptible to remote code execution via the s parameter. An attacker can execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary credentials.

Reference:

Configuration

Example

Example configuration:

---
security_tests:
  thinkphp_2_rce:
    skip: false

Reference

skip

Type : boolean

Skip the test if true.