Auto Generated CVE annotations [Fri Nov 25 09:59:03 UTC 2022] 🤖

2022-11-25 09:59:03 +00:00 · 2022-11-25 09:59:03 +00:00 · 91b9d54a8d
parent 3ed7d98145
commit 91b9d54a8d
1 changed files with 7 additions and 2 deletions
--- a/cves/2022/CVE-2022-25481.yaml
+++ b/cves/2022/CVE-2022-25481.yaml
@ -3,15 +3,20 @@ id: CVE-2022-25481
 info:
  name: ThinkPHP 5.0.24 - Information Disclosure
  author: caon
-  severity: low
+  severity: high
  description: |
    ThinkPHP Framework v5.0.24 was discovered to be configured without the PATHINFO parameter. This allows attackers to access all system environment parameters from index.php.
  reference:
    - https://github.com/Lyther/VulnDiscover/blob/master/Web/ThinkPHP_InfoLeak.md
    - https://nvd.nist.gov/vuln/detail/CVE-2022-25481
+  classification:
+    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
+    cvss-score: 7.5
+    cve-id: CVE-2022-25481
+    cwe-id: CWE-668
  metadata:
-    verified: true
    shodan-query: title:"ThinkPHP"
+    verified: "true"
  tags: cve,cve2022,thinkphp,exposure,oss

 requests: