Actively Exploited in the Wild

This vulnerability is being actively exploited in the wild.

ThinkPHP Remote Code Execution Vulnerability in NoneCms

Vulnerability

A remote code execution vulnerability exists in ThinkPHP versions through 5.0.23, as used in the NoneCms application version 1.3. The issue arises from improper handling of the filter parameter, which an attacker can exploit by sending a crafted query string. This allows the attacker to execute arbitrary PHP code on the server.

Impact

Exploitation of this vulnerability allows arbitrary code execution on the server with the privileges of the web user.

Reproduction

To reproduce this vulnerability, send a request to the 'index.php' file with the 's' parameter set to a random value. Include the 'filter' parameter with a value that specifies the PHP function to be executed, such as 'phpinfo', and the 'data' parameter with a value of '1'. This will trigger the vulnerability by executing the specified PHP function on the server.
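
For detection, the request shape described above can be searched for in web server access logs. The following Python is an added example, not part of the original advisory. It assumes combined-format access logs, and the sample lines and function names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Request field of a combined-format access log line (assumed log format).
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')
# A bare PHP function name, which is what the advisory says 'filter' carries.
FUNC_NAME_RE = re.compile(r'^[A-Za-z_][A-Za-z0-9_]*$')

def decode_fully(value, max_rounds=3):
    """Undo repeated percent-encoding so double-encoded names are still seen."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def is_suspicious(log_line):
    """True when a request to index.php carries 's', 'filter' and 'data'
    together and 'filter' looks like a function name."""
    m = REQUEST_RE.search(log_line)
    if not m:
        return False
    parts = urlsplit(m.group("target"))
    path = decode_fully(parts.path).lower()
    # Assumption: a directory request ("/") is served by index.php as well.
    if "index.php" not in path.split("/") and not path.endswith("/"):
        return False
    params = {}
    for key, values in parse_qs(parts.query, keep_blank_values=True).items():
        params.setdefault(decode_fully(key).lower(), []).extend(
            decode_fully(v) for v in values)
    if not {"s", "filter", "data"}.issubset(params):
        return False
    return any(FUNC_NAME_RE.match(v.strip()) for v in params["filter"])

def flag(lines):
    """Return the log lines that match the advisory's request shape."""
    return [line for line in lines if is_suspicious(line)]

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [15/May/2026:08:59:01 +0000] "GET /index.php?s=x9k2&filter=phpinfo&data=1 HTTP/1.1" 200 81234',
    '203.0.113.7 - - [15/May/2026:08:59:04 +0000] "GET /index.php?data=1&s=q1&%66ilter=phpinfo HTTP/1.1" 200 81234',
    '198.51.100.4 - - [15/May/2026:09:00:10 +0000] "GET /index.php?s=/article/list&page=2 HTTP/1.1" 200 5120',
    '198.51.100.4 - - [15/May/2026:09:00:12 +0000] "GET /search.php?filter=new&data=1&s=shoes HTTP/1.1" 200 2048',
]

if __name__ == "__main__":
    for hit in flag(SAMPLE_LOG):
        print("ALERT:", hit)
```

This check only sees parameters in the query string; parameters sent in a request body do not appear in access logs and need inspection at a WAF or in the application.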

Added: May 15, 2026, 8:59 AM
Updated: May 15, 2026, 8:59 AM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 7.5
exploitability: 9.1
remediation: 0.0
relevance: 0.0
threat: 9.9
urgency: 2.9
incentive: 4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.