ThinkPHP

4 CVEs product

Monthly

CVE-2025-63889 HIGH This Month

The fetch function in file thinkphp\library\think\Template.php in ThinkPHP 5.0.24 allows attackers to read arbitrary files via a crafted file path in a template value. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable with low attack complexity and requires no authentication. No vendor patch is available.

Tags: PHP, Buffer Overflow, Information Disclosure, ThinkPHP
References: NVD, GitHub
CVSS 3.1: 7.5
EPSS: 0.1%

CVE-2025-63888 CRITICAL This Week

The read function in file thinkphp\library\think\template\driver\File.php in ThinkPHP 5.0.24 contains a remote code execution vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable with low attack complexity and requires no authentication. No vendor patch is available.

Tags: LFI, PHP, RCE, ThinkPHP
References: NVD, GitHub
CVSS 3.1: 9.8
EPSS: 0.5%

CVE-2025-50707 CRITICAL POC Act Now

An issue in thinkphp3 v.3.2.5 allows a remote attacker to execute arbitrary code via the index.php component. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable with low attack complexity and requires no authentication. Public exploit code is available and no vendor patch is available.

Tags: RCE, PHP, Code Injection, ThinkPHP
References: NVD
CVSS 3.1: 9.8
EPSS: 1.3%

CVE-2025-50706 CRITICAL POC Act Now

An issue in thinkphp v.5.1 allows a remote attacker to execute arbitrary code via the routecheck function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable with low attack complexity and requires no authentication. Public exploit code is available and no vendor patch is available.

Tags: RCE, Code Injection, ThinkPHP
References: NVD
CVSS 3.1: 9.8
EPSS: 1.3%
