Path Traversal and Information Exposure in ThinkPHP Framework by ThinkPHP
CVE-2022-25481
7.5HIGH
What is CVE-2022-25481?
A misconfiguration in the ThinkPHP Framework v5.0.24 allows attackers to exploit the absence of the PATHINFO parameter. This oversight potentially permits unauthorized access to critical system environment parameters through index.php, exposing sensitive information. While there are claims that this exposure is an intended feature meant for debugging, it raises concerns about the security implications of unmonitored access to system configurations.
