nuclei-templates/http/cves/2022/CVE-2022-25481.yaml

id: CVE-2022-25481

info:
  name: ThinkPHP 5.0.24 - Information Disclosure
  author: caon
  severity: high
  description: |
    ThinkPHP 5.0.24 is susceptible to information disclosure. This version was configured without the PATHINFO parameter. This can allow an attacker to access all system environment parameters from index.php, thereby possibly obtaining sensitive information, modifying data, and/or executing unauthorized operations.
  impact: |
    An attacker can exploit this vulnerability to gain sensitive information.
  remediation: |
    Upgrade to a patched version of ThinkPHP or apply the necessary security patches.
  reference:
    - https://github.com/Lyther/VulnDiscover/blob/master/Web/ThinkPHP_InfoLeak.md
    - https://nvd.nist.gov/vuln/detail/CVE-2022-25481
    - https://github.com/20142995/sectool
    - https://github.com/ARPSyndicate/cvemon
    - https://github.com/ARPSyndicate/kenzer-templates
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
    cvss-score: 7.5
    cve-id: CVE-2022-25481
    cwe-id: CWE-668
    epss-score: 0.01261
    epss-percentile: 0.85321
    cpe: cpe:2.3:a:thinkphp:thinkphp:5.0.24:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 1
    vendor: thinkphp
    product: thinkphp
    shodan-query: title:"ThinkPHP"
  tags: cve,cve2022,thinkphp,exposure,oss

http:
  - method: GET
    path:
      - '{{BaseURL}}/index.php?s=example'

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - "Exception"
          - "REQUEST_TIME"
          - "ThinkPHP Constants"
        condition: and

      - type: status
        status:
          - 200
          - 500
          - 404
        condition: or
# digest: 4a0a004730450220152a665e7b3a3c19077e3bf8a9d5f588afd66692737ed127dea8c823f9a1dd04022100d65ce7ec17220bbd6cfd2f3278886cd52b2f34beaae8509405bcfd1affd9940f:922c64590222798bb761d5b6d8e72950
CVE-2022-25481 2022-11-24 16:42:41 +00:00			`id: CVE-2022-25481`

			`info:`
			`name: ThinkPHP 5.0.24 - Information Disclosure`
			`author: caon`
Auto Generated CVE annotations [Fri Nov 25 09:59:03 UTC 2022] :robot: 2022-11-25 09:59:03 +00:00			`severity: high`
Update CVE-2022-25481.yaml 2022-11-24 18:21:41 +00:00			`description: \|`
Enhancement: cves/2022/CVE-2022-25481.yaml by md 2023-02-03 16:18:38 +00:00			`ThinkPHP 5.0.24 is susceptible to information disclosure. This version was configured without the PATHINFO parameter. This can allow an attacker to access all system environment parameters from index.php, thereby possibly obtaining sensitive information, modifying data, and/or executing unauthorized operations.`
Added Impact 2023-09-27 15:51:13 +00:00			`impact: \|`
			`An attacker can exploit this vulnerability to gain sensitive information.`
updated 2022 CVEs 2023-09-06 11:59:08 +00:00			`remediation: \|`
			`Upgrade to a patched version of ThinkPHP or apply the necessary security patches.`
Update CVE-2022-25481.yaml 2022-11-24 18:21:41 +00:00			`reference:`
			`- https://github.com/Lyther/VulnDiscover/blob/master/Web/ThinkPHP_InfoLeak.md`
			`- https://nvd.nist.gov/vuln/detail/CVE-2022-25481`
TemplateMan Update [Sat Mar 23 09:28:19 UTC 2024] :robot: 2024-03-23 09:28:19 +00:00			`- https://github.com/20142995/sectool`
			`- https://github.com/ARPSyndicate/cvemon`
			`- https://github.com/ARPSyndicate/kenzer-templates`
Auto Generated CVE annotations [Fri Nov 25 09:59:03 UTC 2022] :robot: 2022-11-25 09:59:03 +00:00			`classification:`
			`cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N`
			`cvss-score: 7.5`
			`cve-id: CVE-2022-25481`
			`cwe-id: CWE-668`
TemplateMan Update [Sat Mar 23 09:28:19 UTC 2024] :robot: 2024-03-23 09:28:19 +00:00			`epss-score: 0.01261`
			`epss-percentile: 0.85321`
updated 2022 CVEs 2023-09-06 11:59:08 +00:00			`cpe: cpe:2.3:a:thinkphp:thinkphp:5.0.24:::::::*`
Update CVE-2022-25481.yaml 2022-11-24 18:21:41 +00:00			`metadata:`
boolean format update 2023-06-04 08:13:42 +00:00			`verified: true`
updated 2022 CVEs 2023-09-06 11:59:08 +00:00			`max-request: 1`
CVE Enrichment :tada: 2023-07-11 19:49:27 +00:00			`vendor: thinkphp`
			`product: thinkphp`
updated 2022 CVEs 2023-09-06 11:59:08 +00:00			`shodan-query: title:"ThinkPHP"`
Update CVE-2022-25481.yaml 2022-11-25 07:38:40 +00:00			`tags: cve,cve2022,thinkphp,exposure,oss`
CVE-2022-25481 2022-11-24 16:42:41 +00:00
Refactoring the directory structure based on protocols (#7137) * moving http templates * updated cves.json * moved network CVEs * updated scripts * updated workflows * updated requests to http * replaced network to tcp --------- Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com> 2023-04-27 04:28:59 +00:00			`http:`
CVE-2022-25481 2022-11-24 16:42:41 +00:00			`- method: GET`
			`path:`
			`- '{{BaseURL}}/index.php?s=example'`

			`matchers-condition: and`
			`matchers:`
Update CVE-2022-25481.yaml 2023-06-10 13:33:20 +00:00			`- type: word`
			`part: body`
			`words:`
			`- "Exception"`
			`- "REQUEST_TIME"`
updated matchers 2023-06-15 04:08:56 +00:00			`- "ThinkPHP Constants"`
Update CVE-2022-25481.yaml 2023-06-10 13:33:20 +00:00			`condition: and`

CVE-2022-25481 2022-11-24 16:42:41 +00:00			`- type: status`
			`status:`
Update CVE-2022-25481.yaml 2023-06-10 13:33:20 +00:00			`- 200`
			`- 500`
CVE-2022-25481 2022-11-24 16:42:41 +00:00			`- 404`
Update CVE-2022-25481.yaml 2023-06-10 13:33:20 +00:00			`condition: or`
Auto Template Signing [Mon Mar 25 11:57:16 UTC 2024] :robot: 2024-03-25 11:57:16 +00:00			`# digest: 4a0a004730450220152a665e7b3a3c19077e3bf8a9d5f588afd66692737ed127dea8c823f9a1dd04022100d65ce7ec17220bbd6cfd2f3278886cd52b2f34beaae8509405bcfd1affd9940f:922c64590222798bb761d5b6d8e72950`