GHSA-69wp-xwm7-69wm

Опубликовано: 22 мар. 2022

Источник: github

Github: Прошло ревью

CVSS3: 7.5

Описание

Exposure of Resource to Wrong Sphere in ThinkPHP Framework

ThinkPHP Framework v5.0.24 was discovered to be configured without the PATHINFO parameter. This allows attackers to access all system environment parameters from index.php.

Ссылки

Пакеты

Наименование

topthink/framework

composer

Затронутые версииВерсия исправления

<= 5.0.24

Отсутствует

EPSS

Процентиль: 95%

0.20316

Средний

7.5 High

CVSS3

CVE ID

CVE-2022-25481

Дефекты

CWE-284

CWE-668

Связанные уязвимости

CVE-2022-25481

CVSS3: 7.5

nvd

почти 4 года назад

ThinkPHP Framework v5.0.24 was discovered to be configured without the PATHINFO parameter. This allows attackers to access all system environment parameters from index.php. NOTE: this is disputed by a third party because system environment exposure is an intended feature of the debugging mode.

EPSS

Процентиль: 95%

0.20316

Средний

7.5 High

CVSS3

CVE ID

CVE-2022-25481

Дефекты

CWE-284

CWE-668