CVE-2019-9082

ThinkPHP contains an unspecified vulnerability that allows for remote code execution via public//?s=index/\think\app/invokefunction&function=call_user_func_array&vars[0]=system&vars[1][]= followed by the command. Vendor/Product: ThinkPHP ThinkPHP. Added to CISA KEV 2021-11-03; required action: Apply updates per vendor instructions.