CVE advisoryKnown Exploit
CVE-2019-9082
ThinkPHP Remote Command Execution Vulnerability.
Halo Surface Signal: 4 out of 5 — likely to be public-facing.
Remote command execution is possible in certain versions of ThinkPHP and associated products like Open Source BMS. This allows attackers to run commands on affected systems, posing a risk of data compromise and operational disruption. The U.S. CISA has listed this as an actively exploited vulnerability.