ThinkPHP Framework before 6.0.14 allows local file inclusion via the lang parameter when the language pack feature is enabled (lang_switch_on=true). An unauthenticated and remote attacker can exploit this to execute arbitrary operating system commands, as demonstrated by including pearcmd.php.
References
Link | Resource |
---|---|
https://github.com/top-think/framework/commit/c4acb8b4001b98a0078eda25840d33e295a7f099 | Patch Third Party Advisory |
https://github.com/top-think/framework/compare/v6.0.13...v6.0.14 | Patch Third Party Advisory |
https://tttang.com/archive/1865/ | Exploit Third Party Advisory |
Configurations
History
08 Aug 2023, 14:21
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 9.8 |
References | (MISC) https://github.com/top-think/framework/commit/c4acb8b4001b98a0078eda25840d33e295a7f099 - Patch, Third Party Advisory | |
References | (MISC) https://tttang.com/archive/1865/ - Exploit, Third Party Advisory | |
References | (MISC) https://github.com/top-think/framework/compare/v6.0.13...v6.0.14 - Patch, Third Party Advisory | |
CWE | CWE-22 | |
CPE | cpe:2.3:a:thinkphp:thinkphp:*:*:*:*:*:*:*:* |
23 Dec 2022, 21:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-12-23 21:15
Updated : 2024-02-05 15:02
NVD link : CVE-2022-47945
Mitre link : CVE-2022-47945
CVE.ORG link : CVE-2022-47945
JSON object : View
Products Affected
thinkphp
- thinkphp
CWE
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')