This indicates an attack attempt to exploit a Remote Code Execution Vulnerability in ThinkPHP.
The vulnerability is a result of the application's failure to properly sanitize user request. As a result, a remote attacker can send a crafted HTTP request to execute arbitrary code on a vulnerable server.

description-logoOutbreak Alert

A remote code execution vulnerability exists within multiple subsystems of ThinkPHP 5.0.x and 5.1.x. The FortiGuard Labs continue seeing high exploitation attempts of these old vulnerabilities of more than 50,000 IPS device detections per day. There are multiple actors abusing this flaw to install malware such as Mirai like botnet, Lucifer, Cryptocurrency miners.

View the full Outbreak Alert Report

affected-products-logoAffected Products

v5.x below v5.0.23,v5.1.31

Impact logoImpact

System Compromise: Remote attackers can gain control of vulnerable systems.

recomended-action-logoRecommended Actions

Apply the most recent upgrade or patch from the vendor:

Telemetry logoTelemetry


IPS (Regular DB)
IPS (Extended DB)

Version Updates

Date Version Detail
2021-08-17 18.141 Sig Added
2020-08-12 15.904 Sig Added
2020-08-04 15.899 Sig Added
2019-03-29 14.583 Sig Added
2019-02-28 14.562 Sig Added
2019-01-29 14.536 Severity:medium:critical
2019-01-11 14.522 Default_action:pass:drop
2018-12-28 13.515