Critical severityNVD Advisory· Published Dec 23, 2022· Updated Apr 15, 2025
CVE-2022-47945
CVE-2022-47945
Description
ThinkPHP Framework before 6.0.14 allows local file inclusion via the lang parameter when the language pack feature is enabled (lang_switch_on=true). An unauthenticated and remote attacker can exploit this to execute arbitrary operating system commands, as demonstrated by including pearcmd.php.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
topthink/frameworkPackagist | < 6.0.14 | 6.0.14 |
Affected products
2- ThinkPHP/Frameworkdescription
Patches
Vulnerability mechanics
References
6- github.com/advisories/GHSA-p4qr-vq2g-22wpghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2022-47945ghsaADVISORY
- github.com/top-think/framework/commit/c4acb8b4001b98a0078eda25840d33e295a7f099ghsaWEB
- github.com/top-think/framework/compare/v6.0.13...v6.0.14ghsaWEB
- tttang.com/archive/1865ghsaWEB
- tttang.com/archive/1865/mitre
News mentions
0No linked articles in our index yet.