diff --git a/cves/2022/CVE-2022-25481.yaml b/cves/2022/CVE-2022-25481.yaml index 9cbf11bcf8..fb6550e8d7 100644 --- a/cves/2022/CVE-2022-25481.yaml +++ b/cves/2022/CVE-2022-25481.yaml @@ -3,15 +3,20 @@ id: CVE-2022-25481 info: name: ThinkPHP 5.0.24 - Information Disclosure author: caon - severity: low + severity: high description: | ThinkPHP Framework v5.0.24 was discovered to be configured without the PATHINFO parameter. This allows attackers to access all system environment parameters from index.php. reference: - https://github.com/Lyther/VulnDiscover/blob/master/Web/ThinkPHP_InfoLeak.md - https://nvd.nist.gov/vuln/detail/CVE-2022-25481 + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N + cvss-score: 7.5 + cve-id: CVE-2022-25481 + cwe-id: CWE-668 metadata: - verified: true shodan-query: title:"ThinkPHP" + verified: "true" tags: cve,cve2022,thinkphp,exposure,oss requests: