CVE-2022-47945 Scanner
Detects the Local File Inclusion (LFI) vulnerability in the ThinkPHP Framework, which affects versions before 6.0.14.
Short Info
Level: Critical
Single Scan
Can be used by: Asset Owner
Estimated Time: 10 sec
Time Interval: 696 sec
Scan only one: Url
Toolbox: -
The ThinkPHP Framework is a popular open-source PHP web application framework designed for quick and efficient development. It is recognized for its robustness and flexibility in building scalable, high-performance web applications. The framework is used by developers worldwide and has a large community that contributes to its development and maintenance. ThinkPHP Framework provides a comprehensive solution for web development, including database operations, template parsing, caching, HTTP request handling, and more.
CVE-2022-47945 is a serious security flaw in ThinkPHP Framework versions earlier than 6.0.14. When the language pack feature is enabled (lang_switch_on=true), an unauthenticated remote attacker can manipulate the lang parameter to cause local file inclusion, which can lead to execution of arbitrary operating system commands. Malicious actors can exploit this vulnerability to run system commands remotely on vulnerable web applications, take control of the system, and steal sensitive data.
Exploiting this vulnerability can cause severe consequences. Attackers can launch a wide range of attacks against unsecured systems, including front door attacks, backdoor attacks, and privilege escalation attacks. In some cases, attackers may even be able to gain full system access and take complete control of the targeted system. Attackers can also steal sensitive data, including usernames, passwords, and other confidential information, causing severe damage to businesses.
In conclusion, cyber threats are increasing day by day, and it is crucial to be aware of the latest vulnerabilities and stay well informed about the risks to digital assets. s4e.io provides pro features that allow users to get detailed information about the vulnerabilities present in their digital assets. By subscribing to s4e.io, individuals can keep themselves well protected against cyber threats and enjoy peace of mind.