Access Control: ThinkPHP 5.0.23 - Remote Code Execution¶

Identifier: thinkphp_5023_rce

Scanner(s) Support¶

GraphQL Scanner	REST Scanner	WebApp Scanner

Description¶

ThinkPHP 5.0.23 is susceptible to remote code execution. An attacker can execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary credentials.

Reference:

https://github.com/vulhub/vulhub/tree/0a0bc719f9a9ad5b27854e92bc4dfa17deea25b4/thinkphp/5.0.23-rce

Configuration¶

Example¶

Example configuration:

---
security_tests:
  thinkphp_5023_rce:
    assets_allowed:
    - REST
    - GRAPHQL
    - WEBAPP
    skip: false

Reference¶

`assets_allowed`¶

Type : List[AssetType]*

List of assets that this check will cover.

`skip`¶

Type : boolean

Skip the test if true.