ThinkPHP CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

Known exploited ThinkPHP CVE published 2021-11-03

CVE-2019-9082

CVE-2019-9082 is a ThinkPHP remote code execution vulnerability that CISA lists in its Known Exploited Vulnerabilities catalog. Because it is identified as actively exploited, affected ThinkPHP deployments should be treated as a priority patching item and handled using vendor-directed remediation guidance.

Known exploited ThinkPHP CVE published 2021-11-03

CVE-2018-20062

CVE-2018-20062 affects ThinkPHP noneCms and is listed by CISA in the Known Exploited Vulnerabilities catalog, indicating known exploitation. The defensive takeaway is straightforward: identify any exposed or installed noneCms deployments and apply vendor updates per instructions as soon as possible.