返回 CVE 浏览器

CVE-2018-20062

Known Exploited (CISA KEV)CRITICAL

9.8

CVSS Severity Score

EPSS Score74.1450%

EPSS Percentile94.66th

Published2018年12月11日

Last Modified2025年11月7日

Vulnerability Description

An issue was discovered in NoneCms V1.3. thinkphp/library/think/App.php allows remote attackers to execute arbitrary PHP code via crafted use of the filter parameter, as demonstrated by the s=index/\think\Request/input&filter=phpinfo&data=1 query string.

Affected Platforms (CPE)

📦

5none

Nonecms

= 1.3.0

References & Advisories

🔗 http://packetstormsecurity.com/files/157218/ThinkPHP-5.0.23-Remote-Code-Execution.html

🔗 https://github.com/nangge/noneCms/issues/21

🔗 http://packetstormsecurity.com/files/157218/ThinkPHP-5.0.23-Remote-Code-Execution.html

🔗 https://github.com/nangge/noneCms/issues/21

🔗 https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-20062

相关漏洞威胁

CVE-2018-72198.8

application/admin/controller/Admin.php in NoneCms 1.3.0 has CSRF, as demonstrated by changing an admin password or adding an accou...

CVE-2020-186477.5

Information Disclosure in NoneCMS v1.3 allows remote attackers to obtain sensitive information via the component "/nonecms/vendor"...

CVE-2020-186467.5

Information Disclosure in NoneCMS v1.3 allows remote attackers to obtain sensitive information via the component "/public/index.ph...

CVE-2018-60297.5

The copy function in application/admin/controller/Article.php in NoneCms 1.3.0 allows remote attackers to access the content of in...