
Access Control: ThinkPHP 5.0.23 - Remote Code Execution

Identifier: thinkphp_5023_rce

Scanner(s) Support

GraphQL Scanner REST Scanner WebApp Scanner ASM Scanner

Description

ThinkPHP 5.0.23 is susceptible to remote code execution, allowing attackers to execute malware, obtain sensitive information, modify data, and gain full control over compromised systems without authentication.

How we test: We test for remote code execution vulnerabilities in ThinkPHP 5.0.23 by attempting to execute commands through vulnerable endpoints and analyzing responses to detect if arbitrary code execution is possible.


Configuration

Example

Example configuration:

---
security_tests:
  thinkphp_5023_rce:
    skip: false

Reference

skip

Type: boolean

Skip the test if true.