CVE-2022-47945

CVSS V2: None
CVSS V3: None
Description
ThinkPHP Framework before 6.0.14 allows local file inclusion via the lang parameter when the language pack feature is enabled (lang_switch_on=true). An unauthenticated and remote attacker can exploit this to execute arbitrary operating system commands, as demonstrated by including pearcmd.php.
Overview
  • CVE ID: CVE-2022-47945
  • Assigner: cve@mitre.org
  • Vulnerability Status: Analyzed
  • Published Version: 2022-12-23T21:15:09
  • Last Modified Date: 2022-12-30T22:15:31
CPE Configuration (Product)
CPE | Vulnerable | Operator | Version Start | Version End
cpe:2.3:a:thinkphp:thinkphp:*:*:*:*:*:*:*:* | 1 | OR | | 6.0.14
History
Created | Old Value | New Value | Data Type | Notes
2022-12-23 22:15:18 | | | | Added to TrackCVE
2022-12-25 02:16:02 | | 2022-12-25T02:07:49 | CVE Modified Date | updated
2022-12-25 02:16:02 | Received | Awaiting Analysis | Vulnerability Status | updated
2022-12-29 15:13:50 | Awaiting Analysis | Undergoing Analysis | Vulnerability Status | updated
2022-12-29 19:14:27 | Undergoing Analysis | Awaiting Analysis | Vulnerability Status | updated
2022-12-29 20:15:00 | Awaiting Analysis | Undergoing Analysis | Vulnerability Status | updated
2022-12-30 23:14:49 | | 2022-12-30T22:15:31 | CVE Modified Date | updated
2022-12-30 23:14:49 | Undergoing Analysis | Analyzed | Vulnerability Status | updated
2022-12-30 23:14:50 | | | Weakness Enumeration | new
2022-12-30 23:14:53 | | | CPE Information | updated