CVE-2022-44289: Malicious File Upload
First published: Tue Dec 06 2022(Updated: )
Thinkphp 5.1.41 and 5.0.24 has a code logic error which causes file upload getshell.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| ThinkPHP ThinkPHP | =5.0.24 | |
| ThinkPHP ThinkPHP | =5.1.41 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID of Thinkphp 5.1.41 and 5.0.24?
The vulnerability ID is CVE-2022-44289.
What is the severity rating of CVE-2022-44289?
The severity rating of CVE-2022-44289 is high.
What does the vulnerability in Thinkphp 5.1.41 and 5.0.24 allow?
The vulnerability in Thinkphp 5.1.41 and 5.0.24 allows an attacker to upload files and potentially gain remote code execution.
How can I fix the code logic error in Thinkphp 5.1.41 and 5.0.24?
To fix the code logic error in Thinkphp 5.1.41 and 5.0.24, apply the official patch or update to a version that addresses the vulnerability.
Where can I find more information about the vulnerability?
You can find more information about the vulnerability in Thinkphp 5.1.41 and 5.0.24 on the GitHub issue page: https://github.com/top-think/framework/issues/2772.
- collector/nvd-index
- agent/type
- agent/references
- agent/severity
- agent/weakness
- agent/author
- agent/description
- agent/event
- agent/last-modified-date
- agent/first-publish-date
- agent/softwarecombine
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/thinkphp
- canonical/thinkphp thinkphp
- version/thinkphp thinkphp/5.0.24
- version/thinkphp thinkphp/5.1.41