CVE-2022-44289: Thinkphp has a code logic error

December 6, 2022 (updated December 8, 2022)

Thinkphp 5.1.41 and 5.0.24 has a code logic error which causes file upload getshell.

References

github.com/advisories/GHSA-59fh-rjq3-xq7j
github.com/top-think/framework/issues/2772
nvd.nist.gov/vuln/detail/CVE-2022-44289

Detect and mitigate CVE-2022-44289 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →