id: CVE-2022-25481

info:
  name: ThinkPHP 5.0.24 - Information Disclosure
  author: caon
  severity: low
  description: |
    ThinkPHP Framework v5.0.24 was discovered to be configured without the PATHINFO parameter. This allows attackers to access all system environment parameters from index.php.
  reference:
    - https://github.com/Lyther/VulnDiscover/blob/master/Web/ThinkPHP_InfoLeak.md
    - https://nvd.nist.gov/vuln/detail/CVE-2022-25481
  metadata:
    verified: true
    shodan-query: title:"ThinkPHP"
  tags: cve,cve2022,thinkphp,disclosure

requests:
  - method: GET
    path:
      - '{{BaseURL}}/index.php?s=example'

    matchers-condition: and
    matchers:
      - type: word
        words:
          - "ThinkPHP"

      - type: word
        words:
          - "HttpException"
          - "TRACE"
        condition: or

      - type: status
        status:
          - 404