VYPR
Critical severity9.8NVD Advisory· Published Apr 22, 2026· Updated Apr 27, 2026

CVE-2018-25270

CVE-2018-25270

Description

ThinkPHP 5.0.23 contains a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary PHP code by invoking functions through the routing parameter. Attackers can craft requests to the index.php endpoint with malicious function parameters to execute system commands with application privileges.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

3
  • Thinkphp/Thinkphp3 versions
    cpe:2.3:a:thinkphp:thinkphp:*:*:*:*:*:*:*:*+ 2 more
    • cpe:2.3:a:thinkphp:thinkphp:*:*:*:*:*:*:*:*range: >=5.0.0,<5.0.23
    • cpe:2.3:a:thinkphp:thinkphp:5.1.31:*:*:*:*:*:*:*
    • (no CPE)range: =5.0.23

Patches

Vulnerability mechanics

References

3

News mentions

0

No linked articles in our index yet.