ThinkPHP Framework 5.0.24 - Unauthenticated Information Exposure via PATHINFO Misconfiguration
ThinkPHP Framework v5.0.24 was discovered to be configured without the PATHINFO parameter. This allows attackers to access all system environment parameters from index.php. NOTE: this is disputed by a third party because system environment exposure is an intended feature of the debugging mode.