CVE-2022-45982

thinkphp 6.0.0~6.0.13 and 6.1.0~6.1.1 contains a deserialization vulnerability. This vulnerability allows attackers to execute arbitrary code via a crafted payload.

Published: Feb 8, 2023
Updated: May 9, 2024
CVE: CVE-2022-45982
GHSA: GHSA-j2h2-g882-x9j2
Severity: Critical
Exploit:

CVSS v3:

Severity: Critical
Score: 9.8
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWEs:

CWE-502

OWASP TOP 10:

A8 - Insecure Deserialization

Affected Software
References

Software	From	Fixed in
thinkphp / thinkphp	6.1.0	6.1.0.x
thinkphp / thinkphp	6.0.0	6.0.13.x
topthink / think	-	6.1.1.x

https://gist.github.com/Dar1in9s/aa87df679057db3bbdade360d77f8cca

Vulnerability Database

CVE-2022-45982