id: CVE-2022-25481 info: name: ThinkPHP 5.0.24 - Information Disclosure author: caon severity: high description: | ThinkPHP 5.0.24 is susceptible to information disclosure. This version was configured without the PATHINFO parameter. This can allow an attacker to access all system environment parameters from index.php, thereby possibly obtaining sensitive information, modifying data, and/or executing unauthorized operations. impact: | An attacker can exploit this vulnerability to gain sensitive information. remediation: | Upgrade to a patched version of ThinkPHP or apply the necessary security patches. reference: - https://github.com/Lyther/VulnDiscover/blob/master/Web/ThinkPHP_InfoLeak.md - https://nvd.nist.gov/vuln/detail/CVE-2022-25481 classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N cvss-score: 7.5 cve-id: CVE-2022-25481 cwe-id: CWE-668 epss-score: 0.01311 epss-percentile: 0.84375 cpe: cpe:2.3:a:thinkphp:thinkphp:5.0.24:*:*:*:*:*:*:* metadata: verified: true max-request: 1 vendor: thinkphp product: thinkphp shodan-query: title:"ThinkPHP" tags: cve,cve2022,thinkphp,exposure,oss http: - method: GET path: - '{{BaseURL}}/index.php?s=example' matchers-condition: and matchers: - type: word part: body words: - "Exception" - "REQUEST_TIME" - "ThinkPHP Constants" condition: and - type: status status: - 200 - 500 - 404 condition: or # digest: 4b0a00483046022100c7dd738ecbf645cf40b14a0599f9f6b2fe0444883ef7132ad2a46f925b8109db02210095ab38dadea1a5fcd311e80938e3f4c0c280a5a374a1304fe8154cf13723f08e:922c64590222798bb761d5b6d8e72950