ThinkCMF

php中文网 Courses

Dec 18, 2020 · Information Security

ThinkCMF Privilege Escalation Vulnerability in ThinkPHP 5.0 and Its Mitigation

The article explains a privilege‑escalation flaw in the ThinkCMF CMS built on ThinkPHP 5.0, demonstrates how to exploit it via crafted URLs to invoke arbitrary PHP functions such as phpinfo, and describes the official fix that adds strict controller name validation.