Intrusion Prevention

ThinkPHP.HTTP.VARS.S.Remote.Code.Injection

Description

This indicates an attack attempt to exploit a Remote Code Injection Vulnerability in ThinkPHP.
The vulnerability is due to an error in the vulnerable application when handling a maliciously crafted HTTP request. A remote attacker can exploit this vulnerability by sending a crafted HTTP. Successful exploitation could result in arbitrary code execution in the context of the server application.

Affected Products

ThinkPHP between version 5.0.0 and version 5.0.23

Impact

System Compromise: Remote attackers can gain control of vulnerable systems.

Recommended Actions

Apply the most recent upgrade or patch from the vendor:
http://www.thinkphp.cn/down.html

Coverage

IPS (Regular DB)
IPS (Extended DB)

Version Updates

Date	Version	Status	Detail
2020-03-03	15.787	Modified	Default_action:pass:drop
2019-12-20	15.749	Modified	Sig Added
2019-12-18	15.747	New

References

https://blog.thinkphp.cn/910675

ID	48592
Created	Dec 19, 2019
Updated	Sep 24, 2020
Risk
Default Action	drop
Active
Affected OS	Windows, Linux, BSD, Solaris, MacOS
Affected App	PHP_app
Profile Type	Code Injection

Protect

Detect

Respond

Recover

Identify

Network Security

Cloud & Application Security

Endpoint Security

Security Operations

Intrusion Prevention

ThinkPHP.HTTP.VARS.S.Remote.Code.Injection

Description

Affected Products

Impact

Recommended Actions

Coverage

Version Updates

References

Research Center

Services

Protect

Detect

Respond

Recover

Identify

Network Security

Cloud & Application Security

Endpoint Security

Security Operations

Threat Intelligence Center

Support Center

Resource Center

About

Intrusion Prevention

ThinkPHP.HTTP.VARS.S.Remote.Code.Injection

Description

Affected Products

Impact

Recommended Actions

Coverage

Version Updates

References

Threat Intelligence
Center