CVE-2022-38352
First published: Thu Sep 15 2022(Updated: )
ThinkPHP v6.0.13 was discovered to contain a deserialization vulnerability via the component League\Flysystem\Cached\Storage\Psr6Cache. This vulnerability allows attackers to execute arbitrary code via a crafted payload.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| ThinkPHP ThinkPHP | =6.0.13 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for ThinkPHP v6.0.13?
The vulnerability ID for ThinkPHP v6.0.13 is CVE-2022-38352.
What is the severity level of CVE-2022-38352?
The severity level of CVE-2022-38352 is critical.
How can an attacker exploit CVE-2022-38352?
An attacker can exploit CVE-2022-38352 by executing arbitrary code via a crafted payload.
Which component does CVE-2022-38352 exploit?
CVE-2022-38352 exploits the component League\Flysystem\Cached\Storage\Psr6Cache.
Is there a fix available for CVE-2022-38352?
Yes, a fix for CVE-2022-38352 is available. Please refer to the provided reference link for more information.
- collector/nvd-index
- agent/weakness
- agent/type
- agent/event
- agent/references
- agent/severity
- agent/author
- agent/description
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/thinkphp
- canonical/thinkphp thinkphp
- version/thinkphp thinkphp/6.0.13