3 matches found
CVE-2022-25481
ThinkPHP Framework v5.0.24 was discovered to be configured without the PATHINFO parameter. This allows attackers to access all system environment parameters from index.php. NOTE: this is disputed by a third party because system environment exposure is an intended feature of the debugging mode...
CVE-2022-25481
ThinkPHP Framework v5.0.24 was discovered to be configured without the PATHINFO parameter. This allows attackers to access all system environment parameters from index.php. NOTE: this is disputed by a third party because system environment exposure is an intended feature of the debugging mode...
CVE-2022-25481
ThinkPHP 5.0.24 is susceptible to information disclosure due to PATHINFO misconfiguration, allowing an attacker to access all system environment parameters from index.php. The connected template confirms an information-disclosure vulnerability; explicit exploit steps or buggy versions are not pro...