Prince Chaddha 2023-01-20 18:47:21 +05:30
commit a071c03a22
1 changed files with 6 additions and 7 deletions

@ -1,22 +1,21 @@
id: thinkphp6-lang-lfi id: CVE-2022-47945
info: info:
name: Thinkphp Lang - Local File Inclusion name: Thinkphp Lang - Local File Inclusion
author: kagamigawa author: kagamigawa
severity: high severity: critical
description: | description: |
Thinkphp Lang 6.0.1~v6.0.13, v5.0.x~v5.1.41, v5.0.0~v5.0.24 is vulnerable to local file inclusion. ThinkPHP Framework before 6.0.14 allows local file inclusion via the lang parameter when the language pack feature is enabled (lang_switch_on=true). An unauthenticated and remote attacker can exploit this to execute arbitrary operating system commands, as demonstrated by including pearcmd.php.
reference: reference:
- https://tttang.com/archive/1865/ - https://tttang.com/archive/1865/
- https://nvd.nist.gov/vuln/detail/CVE-2022-47945
classification: classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N cve-id: CVE-2022-47945
cvss-score: 7.5
cwe-id: CWE-22
metadata: metadata:
verified: true verified: true
shodan-query: title:"Thinkphp" shodan-query: title:"Thinkphp"
fofa-query: header="think_lang" fofa-query: header="think_lang"
tags: thinkphp,lfi tags: cve,cve2022,thinkphp,lfi
requests: requests:
- method: GET - method: GET
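
Review bot: the classification block ends up with only cve-id while severity moves from high to critical, so nothing in the template backs the new rating. The removed lines (cvss-metrics with C:H/I:N/A:N, cvss-score: 7.5, cwe-id: CWE-22) described a high-severity read-only issue; rather than dropping them, keep cvss-metrics, cvss-score and cwe-id in classification and update them to match the NVD entry this change adds under reference. The rewritten description also loses the 5.x ranges the old text listed (v5.0.x~v5.1.41, v5.0.0~v5.0.24) and now says only "before 6.0.14"; if those branches are still in scope for this template, keep them in the description.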