ThinkPHP 5.0.9 Information Disclosure

Nash N Sulthan
Published on
16 Jun 2021

ThinkPHP is a popular Chinese PHP development framework that is an open-source and object-oriented PHP development framework. ThinkPHP 5.0.9 Information Disclosure is a vulnerability that occurs when the framework does not filter the controller name efficiently. This helps the attacker to use the sensitive functions of the ThinkPHP framework using the URL and initiate Remote Code Execution.

Mitigation / Precaution

  • If you are using ThinkPHP 5.0.9, upgrade to the latest version of ThinkPHP framework.
Automated human-like penetration testing for your web apps & APIs
Teams using Beagle Security are set up in minutes, embrace release-based CI/CD security testing and save up to 65% with timely remediation of vulnerabilities. Sign up for a free account to see what it can do for you.

Written by
Nash N Sulthan
Nash N Sulthan
Cyber Security Lead Engineer
Find website security issues in a flash
Improve your website's security posture with proactive vulnerability detection.
Free website security assessment