CVE-2019-9082


02/24/2019

CVE-2019-9082

ThinkPHP before 3.2.4, as used in Open Source BMS v1.1.1 and other products, allows Remote Command Execution via public//?s=index/\think\app/invokefunction&function=call_user_func_array&vars[0]=system&vars[1][]= followed by the command.

References: 
https://github.com/xiayulei/open_source_bms/issues/33



Don't forget to share

You may also like...

Leave a Reply

Your email address will not be published. Required fields are marked *