id: CVE-2022-25481 info: name: ThinkPHP 5.0.24 - Information Disclosure author: caon severity: high description: | ThinkPHP 5.0.24 is susceptible to information disclosure. This version was configured without the PATHINFO parameter. This can allow an attacker to access all system environment parameters from index.php, thereby possibly obtaining sensitive information, modifying data, and/or executing unauthorized operations. impact: | An attacker can exploit this vulnerability to gain sensitive information. remediation: | Upgrade to a patched version of ThinkPHP or apply the necessary security patches. reference: - https://github.com/Lyther/VulnDiscover/blob/master/Web/ThinkPHP_InfoLeak.md - https://nvd.nist.gov/vuln/detail/CVE-2022-25481 - https://github.com/20142995/sectool - https://github.com/ARPSyndicate/cvemon - https://github.com/ARPSyndicate/kenzer-templates classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N cvss-score: 7.5 cve-id: CVE-2022-25481 cwe-id: CWE-668 epss-score: 0.01261 epss-percentile: 0.85591 cpe: cpe:2.3:a:thinkphp:thinkphp:5.0.24:*:*:*:*:*:*:* metadata: verified: true max-request: 1 vendor: thinkphp product: thinkphp shodan-query: title:"ThinkPHP" fofa-query: title="thinkphp" google-query: intitle:"thinkphp" tags: cve,cve2022,thinkphp,exposure,oss http: - method: GET path: - '{{BaseURL}}/index.php?s=example' matchers-condition: and matchers: - type: word part: body words: - "Exception" - "REQUEST_TIME" - "ThinkPHP Constants" condition: and - type: status status: - 200 - 500 - 404 condition: or # digest: 4b0a00483046022100b496345378ef7c5282eccf0ef4750c6c8be7b5d9ead61c0d0e8699049a7a1f6402210099374a6431005d5758183a4b42b31f0edbd2a5764afc3ca59af2ef7e03953fcc:922c64590222798bb761d5b6d8e72950