CVE-2022-47945

Published: Dec 23, 2022

Modified: Apr 15, 2025

PUBLISHED

Description

ThinkPHP Framework before 6.0.14 allows local file inclusion via the lang parameter when the language pack feature is enabled (lang_switch_on=true). An unauthenticated and remote attacker can exploit this to execute arbitrary operating system commands, as demonstrated by including pearcmd.php.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://tttang.com/archive/1865/

https://github.com/top-think/framework/commit/c4acb8b4001b98a0078eda25840d33e295a7f099

https://github.com/top-think/framework/compare/v6.0.13...v6.0.14

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2022-47945

Description

Affected Products

References