CVE-2022-47945

ThinkPHP Framework before 6.0.14 allows local file inclusion via the lang parameter when the language pack feature is enabled (lang_switch_on=true). An unauthenticated and remote attacker can exploit this to execute arbitrary operating system commands, as demonstrated by including pearcmd.php.

Published: Dec 23, 2022
Updated: Aug 9, 2023
CVE: CVE-2022-47945
GHSA: GHSA-p4qr-vq2g-22wp
Severity: Critical
Exploit:

CVSS v3:

Severity: Critical
Score: 9.8
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWEs:

CWE-22

OWASP TOP 10:

A5 - Broken Access Control

Affected Software
References

Software	From	Fixed in
thinkphp / thinkphp	-	6.0.14
topthink / framework	-	6.0.14

https://github.com/top-think/framework/commit/c4acb8b4001b98a0078eda25840d33e295a7f099
https://github.com/top-think/framework/compare/v6.0.13...v6.0.14
https://tttang.com/archive/1865/

Vulnerability Database

CVE-2022-47945