Security Advisory

CVE-2022-25481

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2022-03-20 00:00:00

Last updated 2024-08-03 04:42:49

Assigner mitre

State PUBLISHED

Description

ThinkPHP Framework v5.0.24 was discovered to be configured without the PATHINFO parameter. This allows attackers to access all system environment parameters from index.php. NOTE: this is disputed by a third party because system environment exposure is an intended feature of the debugging mode.

← Browse all CVEs View on cve.org ↗