CVE-2022-47945

CRITICAL EXPLOITED NUCLEI

Thinkphp < 6.0.14 - Path Traversal

Title source: rule

Description

ThinkPHP Framework before 6.0.14 allows local file inclusion via the lang parameter when the language pack feature is enabled (lang_switch_on=true). An unauthenticated and remote attacker can exploit this to execute arbitrary operating system commands, as demonstrated by including pearcmd.php.

Nuclei Templates (1)

Thinkphp Lang - Local File Inclusion
CRITICAL, VERIFIED, by kagamigawa
Shodan: title:"Thinkphp" || http.title:"thinkphp" || cpe:"cpe:2.3:a:thinkphp:thinkphp"
FOFA: header="think_lang" || title="thinkphp"

Scores

CVSS v3 9.8
EPSS 0.9034
EPSS Percentile 99.6%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable yes
Technical Impact total

Details

VulnCheck KEV 2024-04-11
CWE
CWE-22
Status published
Products (2)
thinkphp/thinkphp < 6.0.14
topthink/framework 0 - 6.0.14 (Packagist)
Published Dec 23, 2022
Tracked Since Feb 18, 2026