Critical severity9.8NVD Advisory· Published Apr 22, 2026· Updated Apr 27, 2026
CVE-2018-25270
CVE-2018-25270
Description
ThinkPHP 5.0.23 contains a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary PHP code by invoking functions through the routing parameter. Attackers can craft requests to the index.php endpoint with malicious function parameters to execute system commands with application privileges.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
3Patches
Vulnerability mechanics
References
3- www.exploit-db.com/exploits/45978nvdExploitThird Party AdvisoryVDB Entry
- www.vulncheck.com/advisories/thinkphp-remote-code-execution-via-invokefunctionnvdThird Party Advisory
- thinkphp.cnnvdBroken Link
News mentions
0No linked articles in our index yet.