Update and rename vulnerabilities/thinkphp/thinkphp6-lang-lfi.yaml to cves/2022/CVE-2022-47945.yaml

2023-01-16 00:19:02 +07:00 · 2023-01-16 00:19:02 +07:00 · 63b54672b0
parent d5d6c517ec
commit 63b54672b0
1 changed files with 5 additions and 4 deletions
--- a/vulnerabilities/thinkphp/thinkphp6-lang-lfi.yaml
+++ b/vulnerabilities/thinkphp/thinkphp6-lang-lfi.yaml
@ -1,18 +1,19 @@
-id: thinkphp6-lang-lfi
+id: CVE-2022-47945

 info:
  name: Thinkphp Lang - LFI
  author: kagamigawa
-  severity: high
+  severity: critical
  description: |
-    Thinkphp,v6.0.1~v6.0.13, v5.0.x~v5.1.41, v5.0.0~v5.0.24 vulnerable to LFI.
+    ThinkPHP Framework before 6.0.14 allows local file inclusion via the lang parameter when the language pack feature is enabled (lang_switch_on=true). An unauthenticated and remote attacker can exploit this to execute arbitrary operating system commands, as demonstrated by including pearcmd.php.
  reference:
    - https://tttang.com/archive/1865/
+    - https://nvd.nist.gov/vuln/detail/CVE-2022-47945
  metadata:
    verified: true
    shodan-query: title:"Thinkphp"
    fofa-query: header="think_lang"
-  tags: thinkphp,lfi
+  tags: cve,cve2022,thinkphp,lfi

 requests:
  - method: GET