High severityNVD Advisory· Published Mar 20, 2022· Updated Aug 3, 2024
CVE-2022-25481
CVE-2022-25481
Description
ThinkPHP Framework v5.0.24 was discovered to be configured without the PATHINFO parameter. This allows attackers to access all system environment parameters from index.php. NOTE: this is disputed by a third party because system environment exposure is an intended feature of the debugging mode.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
topthink/frameworkPackagist | <= 5.0.24 | — |
Affected products
2- ThinkPHP Framework/ThinkPHP Frameworkdescription
Patches
Vulnerability mechanics
References
3News mentions
0No linked articles in our index yet.