CVE-2024-34467

ThinkPHP 8.0.3 allows remote attackers to exploit XSS due to inadequate filtering of function argument values in think_exception.tpl.

CVSS

No CVSS.

References

Link	Resource
https://github.com/top-think/framework/issues/2996	Exploit Issue Tracking Third Party Advisory
https://github.com/top-think/framework/issues/2996	Exploit Issue Tracking Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:thinkphp:thinkphp:8.0.3:*:*:*:*:*:*:*

History

17 Jun 2025, 15:02

Type	Values Removed	Values Added
First Time		Thinkphp thinkphp Thinkphp
References	~~() https://github.com/top-think/framework/issues/2996 -~~	() https://github.com/top-think/framework/issues/2996 - Exploit, Issue Tracking, Third Party Advisory
CPE		cpe:2.3:a:thinkphp:thinkphp:8.0.3:::::::*

12 Jun 2024, 15:15

Type	Values Removed	Values Added
Summary	ThinkPHP 8.0.3 allows remote attackers to discover the PHPSESSION cookie because think_exception.tpl (aka the debug error output source code) provides this in an error message for a crafted URI in a GET request.	ThinkPHP 8.0.3 allows remote attackers to exploit XSS due to inadequate filtering of function argument values in think_exception.tpl.

04 May 2024, 20:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-05-04 20:15

Updated : 2025-06-17 15:02

NVD link : CVE-2024-34467

Mitre link : CVE-2024-34467

JSON object : View

Products Affected

thinkphp

CWE

No CWE.