CVE-2022-45982
First published: Wed Feb 08 2023(Updated: )
thinkphp 6.0.0~6.0.13 and 6.1.0~6.1.1 contains a deserialization vulnerability. This vulnerability allows attackers to execute arbitrary code via a crafted payload.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| ThinkPHP ThinkPHP | >=6.0.0<=6.0.13 | |
| ThinkPHP ThinkPHP | =6.1.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID for this issue?
The vulnerability ID for this issue is CVE-2022-45982.
What is the severity of CVE-2022-45982?
The severity of CVE-2022-45982 is critical.
Which versions of thinkphp are affected by CVE-2022-45982?
thinkphp versions 6.0.0 to 6.0.13 and 6.1.0 to 6.1.1 are affected by CVE-2022-45982.
How does the deserialization vulnerability in thinkphp allow attackers to execute arbitrary code?
The deserialization vulnerability in thinkphp allows attackers to execute arbitrary code by sending a crafted payload.
Is there a fix available for CVE-2022-45982?
Yes, upgrading to a fixed version of thinkphp will fix the vulnerability.
- collector/nvd-index
- agent/type
- agent/weakness
- agent/event
- agent/author
- agent/severity
- agent/references
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/description
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/thinkphp
- canonical/thinkphp thinkphp
- version/thinkphp thinkphp/6.0.0
- version/thinkphp thinkphp/6.0.13
- version/thinkphp thinkphp/6.1.0