Exposure of Resource to Wrong Sphere in ThinkPHP Framework
High severity
GitHub Reviewed
Published
Mar 22, 2022
to the GitHub Advisory Database
•
Updated Jan 27, 2023
Description
Published by the National Vulnerability Database
Mar 21, 2022
Published to the GitHub Advisory Database
Mar 22, 2022
Reviewed
Apr 1, 2022
Last updated
Jan 27, 2023
ThinkPHP Framework v5.0.24 was discovered to be configured without the PATHINFO parameter. This allows attackers to access all system environment parameters from index.php.
References