CyberSec.Space Logo
Back to CVE Browser

CVE-2018-20062

Known Exploited (CISA KEV)CRITICAL
9.8
CVSS Severity Score
EPSS Score74.1450%
EPSS Percentile94.66th
PublishedDec 11, 2018
Last ModifiedNov 7, 2025

Vulnerability Description

An issue was discovered in NoneCms V1.3. thinkphp/library/think/App.php allows remote attackers to execute arbitrary PHP code via crafted use of the filter parameter, as demonstrated by the s=index/\think\Request/input&filter=phpinfo&data=1 query string.

Affected Platforms (CPE)

πŸ“¦
5none

Nonecms

= 1.3.0

References & Advisories

πŸ”— http://packetstormsecurity.com/files/157218/ThinkPHP-5.0.23-Remote-Code-Execution.html
πŸ”— https://github.com/nangge/noneCms/issues/21
πŸ”— http://packetstormsecurity.com/files/157218/ThinkPHP-5.0.23-Remote-Code-Execution.html
πŸ”— https://github.com/nangge/noneCms/issues/21
πŸ”— https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-20062

Related Vulnerabilities

CVE-2018-72198.8

application/admin/controller/Admin.php in NoneCms 1.3.0 has CSRF, as demonstrated by changing an admin password or adding an accou...

CVE-2020-186477.5

Information Disclosure in NoneCMS v1.3 allows remote attackers to obtain sensitive information via the component "/nonecms/vendor"...

CVE-2020-186467.5

Information Disclosure in NoneCMS v1.3 allows remote attackers to obtain sensitive information via the component "/public/index.ph...

CVE-2018-60297.5

The copy function in application/admin/controller/Article.php in NoneCms 1.3.0 allows remote attackers to access the content of in...