Merge branch 'patch-360' of https://github.com/pikpikcu/nuclei-templates

2023-01-20 18:47:21 +05:30 · 2023-01-20 18:47:21 +05:30 · a071c03a22
parent 67602e6275 783d20280b
commit a071c03a22
1 changed files with 6 additions and 7 deletions
--- a/vulnerabilities/thinkphp/thinkphp6-lang-lfi.yaml
+++ b/vulnerabilities/thinkphp/thinkphp6-lang-lfi.yaml
@ -1,22 +1,21 @@
-id: thinkphp6-lang-lfi
+id: CVE-2022-47945

 info:
  name: Thinkphp Lang - Local File Inclusion
  author: kagamigawa
-  severity: high
+  severity: critical
  description: |
-    Thinkphp Lang 6.0.1~v6.0.13, v5.0.x~v5.1.41, v5.0.0~v5.0.24 is vulnerable to local file inclusion.
+    ThinkPHP Framework before 6.0.14 allows local file inclusion via the lang parameter when the language pack feature is enabled (lang_switch_on=true). An unauthenticated and remote attacker can exploit this to execute arbitrary operating system commands, as demonstrated by including pearcmd.php.
  reference:
    - https://tttang.com/archive/1865/
+    - https://nvd.nist.gov/vuln/detail/CVE-2022-47945
  classification:
-    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
-    cvss-score: 7.5
-    cwe-id: CWE-22
+    cve-id: CVE-2022-47945
  metadata:
    verified: true
    shodan-query: title:"Thinkphp"
    fofa-query: header="think_lang"
-  tags: thinkphp,lfi
+  tags: cve,cve2022,thinkphp,lfi

 requests:
  - method: GET