Local File Inclusion Vulnerability in ThinkPHP Framework by TopThink
CVE-2022-47945

9.8CRITICAL

Key Information:

Vendor

ThinkPHP

Status
Vendor
CVE Published:
23 December 2022

What is CVE-2022-47945?

The ThinkPHP Framework, specifically versions prior to 6.0.14, contains a vulnerability that allows for local file inclusion through manipulation of the 'lang' parameter when the language pack feature is enabled. An unauthenticated attacker can exploit this weakness to include arbitrary files, which may lead to the execution of operating system commands. This security flaw poses a significant risk, especially if sensitive files or scripts are accessible.

References

EPSS Score

15% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.