Add CVE-2024-44902 ThinkPHP RCE template | Algora

PR

Add CVE-2024-44902 ThinkPHP RCE template

projectdiscovery/nuclei-templates#14341

/claim #14310

PR Information

Added CVE-2024-44902 (ThinkPHP Deserialization RCE)
References:
- https://github.com/fru1ts/CVE-2024-44902
- https://nvd.nist.gov/vuln/detail/CVE-2024-44902

Bounty Claim: This PR addresses the Algora bounty for ThinkPHP Insecure Deserialization.

Template validation

Validated with a host running a vulnerable version and/or configuration (True Positive)
Validated with a host running a patched version and/or configuration (avoid False Positive)

Additional Details

I verified the logic using the reproduction steps provided in the CVE repository.

Command to validate:

nuclei -t http/cves/2024/CVE-2024-44902.yaml -u http://localhost:8000

Claim

Total prize pool $100

Total paid $0

Status Pending

Submitted December 11, 2025

Last updated December 11, 2025

Contributors

AH

Ahmed Zrouqui

@AhmedZrouqui

100%

Sponsors

PR

ProjectDiscovery

@projectdiscovery

$100