Lucene search

GitHub Advisory DatabaseGHSA-P4QR-VQ2G-22WP

HistoryDec 23, 2022 - 9:30 p.m.

ThinkPHP Framework vulnerable to remote code execution

2022-12-2321:30:17

CWE-22

GitHub Advisory Database

github.com

thinkphp

framework

remote code execution

vulnerable

local file inclusion

language pack

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

0.048 Low

EPSS

Percentile

92.8%

JSON

ThinkPHP Framework before 6.0.14 allows local file inclusion via the lang parameter when the language pack feature is enabled (lang_switch_on=true). An unauthenticated and remote attacker can exploit this to execute arbitrary operating system commands, as demonstrated by including pearcmd.php.

Affected configurations

Vulners

Node

topthinkframeworkRange<6.0.14

CPENameOperatorVersion
topthink/frameworklt6.0.14

CPE	Name	Operator	Version
	topthink/framework	lt	6.0.14

References

github.com/advisories/GHSA-p4qr-vq2g-22wp

github.com/top-think/framework/commit/c4acb8b4001b98a0078eda25840d33e295a7f099

github.com/top-think/framework/compare/v6.0.13...v6.0.14

nvd.nist.gov/vuln/detail/CVE-2022-47945

tttang.com/archive/1865/

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

0.048 Low

EPSS

Percentile

92.8%

JSON

Related for GHSA-P4QR-VQ2G-22WP