Deserialization of Untrusted Data
thinkphp 6.0.06.0.13 and 6.1.06.1.1 contains a deserialization vulnerability. This vulnerability allows attackers to execute arbitrary code via a crafted payload.
Advisories for Composer/Topthink/Think package
2023
2021
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
A remote code execution (RCE) vulnerability in /library/think/App.php of Twothink v2.0 allows attackers to execute arbitrary PHP code.