Local File Inclusion Vulnerability in ThinkPHP Framework by TopThink
CVE-2022-47945
9.8CRITICAL
What is CVE-2022-47945?
The ThinkPHP Framework, specifically versions prior to 6.0.14, contains a vulnerability that allows for local file inclusion through manipulation of the 'lang' parameter when the language pack feature is enabled. An unauthenticated attacker can exploit this weakness to include arbitrary files, which may lead to the execution of operating system commands. This security flaw poses a significant risk, especially if sensitive files or scripts are accessible.
References
EPSS Score
15% chance of being exploited in the next 30 days.
CVSS V3.1
Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
