CVE-2022-47945
CRITICAL | EXPLOITED | NUCLEI
ThinkPHP Framework < 6.0.14 - Unauthenticated Local File Inclusion via Lang Parameter
Title source: llm
Exploitation Summary
CVE-2022-47945 has been observed exploited in the wild (reported by VulnCheck KEV). A Nuclei detection template is also available.
Description
ThinkPHP Framework before 6.0.14 allows local file inclusion via the lang parameter when the language pack feature is enabled (lang_switch_on=true). An unauthenticated and remote attacker can exploit this to execute arbitrary operating system commands, as demonstrated by including pearcmd.php.
Nuclei Templates (1)
Thinkphp Lang - Local File Inclusion
CRITICAL | VERIFIED | by kagamigawa
Shodan:
title:"Thinkphp" || http.title:"thinkphp" || cpe:"cpe:2.3:a:thinkphp:thinkphp"
FOFA:
header="think_lang" || title="thinkphp"
References (3)
Core References
Patch, Third Party Advisory
https://github.com/top-think/framework/commit/c4acb8b4001b98a0078eda25840d33e295a7f099
Patch, Third Party Advisory
https://github.com/top-think/framework/compare/v6.0.13...v6.0.14
Exploit, Third Party Advisory
https://tttang.com/archive/1865/
Scores
CVSS v3
9.8
EPSS
0.1550
EPSS Percentile
96.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
yes
Technical Impact
total
Details
VulnCheck KEV
2024-04-11
CWE
CWE-22
Status
published
Products (2)
thinkphp/thinkphp
< 6.0.14
topthink/framework
0 - 6.0.14 (Packagist)
Published
Dec 23, 2022
Tracked Since
Feb 18, 2026