ThinkPHP version 5.x suffers from a remote command execution vulnerability.
a3a0d90dd580a9cdc42b8b449a00f5a6a5823b29948d0c84e8619865d6cf8ad4
This Metasploit module exploits one of two PHP injection vulnerabilities in the ThinkPHP web framework to execute code as the web user. Versions up to and including 5.0.23 are exploitable, though 5.0.23 is vulnerable to a separate vulnerability. The module will automatically attempt to detect the version of the software. Tested against versions 5.0.20 and 5.0.23 as can be found on Vulhub.
87a750017e1450c65c2d4bc6d1f3d6577145d8196416598c9ff417583b4d8502
ThinkPHP versions prior to 5.0.23 and prior to 5.1.31 suffer from a remote code execution vulnerability.
f7e20d2a8ac1a511c88ba6dcd93cdc57528b015ebc0771753754ca00b620d5eb
ThinkPHP versions 2.0 and below suffer from cross site scripting vulnerabilities.
a7208e5112a62b9ed7872de827624e94648b6e690b6581cc22685d4380ec8629