daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Update CVE-2022-25481.yaml

patch-1
Ritik Chaddha 2022-11-24 23:51:41 +05:30 committed by GitHub
parent 7366d89141
commit 7c2cdf6a95
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 15 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
cves/2022/CVE-2022-25481.yaml
View File

@ -4,9 +4,15 @@ info:
name: ThinkPHP 5.0.24 - Information Disclosure name: ThinkPHP 5.0.24 - Information Disclosure
author: caon author: caon
severity: low severity: low
description: ThinkPHP Framework v5.0.24 was discovered to be configured without the PATHINFO parameter. This allows attackers to access all system environment parameters from index.php. description: |
reference: https://nvd.nist.gov/vuln/detail/CVE-2022-25481 ThinkPHP Framework v5.0.24 was discovered to be configured without the PATHINFO parameter. This allows attackers to access all system environment parameters from index.php.
tags: cve,cve2022,thinkphp reference:
- https://github.com/Lyther/VulnDiscover/blob/master/Web/ThinkPHP_InfoLeak.md
- https://nvd.nist.gov/vuln/detail/CVE-2022-25481
metadata:
verified: true
shodan-query: title:"ThinkPHP"
tags: cve,cve2022,thinkphp,disclosure
requests: requests:
- method: GET - method: GET
@ -17,9 +23,13 @@ requests:
matchers: matchers:
- type: word - type: word
words: words:
- "HttpException"
- "ThinkPHP" - "ThinkPHP"
condition: and
- type: word
words:
- "HttpException"
- "TRACE"
condition: or
- type: status - type: status
status: status: