CNNVD-202511-2314 Information

CNNVD ID

CNNVD-202511-2314

Related CVE

CVE-2025-63889

• CNNVD Published: 2025-11-20

Description (Chinese)

ThinkPHP是中国顶想信息科技（ThinkPHP）公司的一套基于PHP的、开源的、轻量级Web应用程序开发框架。 ThinkPHP 5.0.24版本存在安全漏洞，该漏洞源于文件thinkphplibrary hinkTemplate.php中的fetch函数允许攻击者读取任意文件。

Description (English)

ThinkPHP is a PHP-based, open-source, lightweight Web application development framework for the top Chinese information technology (ThinkPHP) company. ThinkPHP version 5.0.24 contains a security loophole, which stems from the fact that the Fetch function in the documentthinkphplibrary hinkTemplate.php allows the assailant to read any file.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

顶想信息科技

Published

2025-11-20

Last Modified

2026-02-24

References

https://gist.github.com/Master-0-0/dd63209602f04267f1a27a75a064df26 https://www.yuque.com/lcc316/df0kgm/xqkrw5rfz5vqxo9t https://access.redhat.com/security/cve/cve-2025-63889

Patch

https://www.thinkphp.cn/