CVE-2022-47945
Published: 23 December 2022
Summary
CVE-2022-47945 is a critical-severity Path Traversal (CWE-22) vulnerability in ThinkPHP Framework (vendor ThinkPHP). Its CVSS base score is 9.8 (Critical).
Operationally, it ranks in the top 0.4% of CVEs by exploit likelihood (EPSS); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
Deeper analysis
ThinkPHP Framework versions prior to 6.0.14 contain a path traversal flaw (CWE-22) that permits local file inclusion through the lang parameter when the language pack feature is enabled via lang_switch_on=true. The issue resides in the framework's handling of language switching and allows an attacker to supply crafted input that resolves to arbitrary files on the server, such as pearcmd.php, resulting in remote code execution.
An unauthenticated remote attacker can exploit the vulnerability over the network without user interaction to achieve full compromise of the affected application, including arbitrary operating system command execution. The CVSS 3.1 base score of 9.8 reflects the combination of network accessibility, lack of required privileges, and total impact on confidentiality, integrity, and availability.
Public references point to the official remediation in version 6.0.14, with the project repository showing the precise code changes that close the file inclusion vector; administrators are advised to upgrade promptly and ensure the language pack feature is disabled if not required.
The associated EPSS score remains consistently high near 0.90, indicating sustained exploitation interest following disclosure.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2022-7698
Vulnerability details
ThinkPHP Framework before 6.0.14 allows local file inclusion via the lang parameter when the language pack feature is enabled (lang_switch_on=true). An unauthenticated and remote attacker can exploit this to execute arbitrary operating system commands, as demonstrated by including pearcmd.php.
- CWE(s): CWE-22 (Improper Limitation of a Pathname to a Restricted Directory, "Path Traversal")
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
Likely Mitigating Controls AI
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
Validates pathnames and filenames to prevent traversal outside intended directories.
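The control above, applied to the language-switching case the "Deeper analysis" section describes, as an added example that is not ThinkPHP's own code (the constant ALLOWED_LANGS and the functions langDir(), buildLangPathUnsafe(), resolveLangFile() and loadLang() are hypothetical names chosen for this illustration). It shows the weak pattern (a request value concatenated straight into an include path) beside a hardened resolver that checks the value's shape, checks it against an allow-list of shipped packs, and finally confirms the canonicalised path still lies under the language-pack directory. The script creates a scratch directory with three constructed packs so it runs stand-alone.

```php
<?php
declare(strict_types=1);

// Added example, not ThinkPHP's own code: validating a user-supplied
// language code before it is used to locate a language-pack file.
// ALLOWED_LANGS, langDir(), buildLangPathUnsafe(), resolveLangFile()
// and loadLang() are hypothetical names.

const ALLOWED_LANGS = ['en-us', 'zh-cn', 'de-de'];   // explicit allow-list of shipped packs

/** Hypothetical language-pack directory. A scratch copy holding three
 *  constructed packs is created on first use so the script runs stand-alone. */
function langDir(): string
{
    static $dir = null;
    if ($dir === null) {
        $dir = sys_get_temp_dir() . '/lang_demo_' . getmypid();
        if (!is_dir($dir) && !mkdir($dir, 0700, true)) {
            throw new RuntimeException("cannot create $dir");
        }
        foreach (ALLOWED_LANGS as $code) {
            file_put_contents("$dir/$code.php", "<?php return ['hello' => 'hello ($code)'];");
        }
    }
    return $dir;
}

/** Weak pattern: the request value goes straight into the path, so any
 *  value that resolves outside langDir() is accepted. Shown for contrast only. */
function buildLangPathUnsafe(string $lang): string
{
    return langDir() . '/' . $lang . '.php';
}

/** Hardened pattern. Returns the pack's canonical path, or null to refuse. */
function resolveLangFile(string $lang): ?string
{
    // 1. Shape check: a language tag such as "en-us" and nothing else, so
    //    separators, dots and NUL bytes never reach a filesystem call.
    //    \z (not $) so a trailing newline cannot slip through.
    if (!preg_match('/^[a-z]{2}(-[a-z]{2})?\z/i', $lang)) {
        return null;
    }
    // 2. Allow-list check: only packs the application actually ships.
    $lang = strtolower($lang);
    if (!in_array($lang, ALLOWED_LANGS, true)) {
        return null;
    }
    // 3. Containment check: canonicalise and confirm the file still sits
    //    under the pack directory (defence in depth if step 1 is ever relaxed).
    $base = realpath(langDir());
    $file = realpath(langDir() . '/' . $lang . '.php');
    if ($base === false || $file === false) {
        return null;                                   // missing pack: fail closed
    }
    if (strncmp($file, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;                                   // escaped the directory
    }
    return $file;
}

/** Loads the validated pack, falling back to the default pack when the
 *  requested value is refused, so a bad value never changes which file runs. */
function loadLang(string $requested, string $default = 'en-us'): array
{
    $file = resolveLangFile($requested) ?? resolveLangFile($default);
    if ($file === null) {
        return [];
    }
    $data = include $file;
    return is_array($data) ? $data : [];
}

// Constructed sample request values, as a handler might receive them.
$samples = ['en-us', 'ZH-CN', 'fr-fr', '../../../some/other/file', 'en-us/../de-de', "en\0us"];
foreach ($samples as $value) {
    $verdict = resolveLangFile($value) === null ? 'rejected' : 'accepted';
    printf("%-30s %-9s unsafe path would have been: %s\n",
        json_encode($value), $verdict, buildLangPathUnsafe($value));
}
print_r(loadLang('../../../some/other/file'));   // falls back to the en-us pack
```

Of the three checks, the allow-list is the one that actually decides; the shape check keeps hostile bytes away from the filesystem, and the realpath containment check is a safety net rather than the primary control. Both are cheaper and easier to audit than trying to strip traversal sequences out of a free-form value. Independently of code changes, the page's own advice applies: upgrade to 6.0.14 or later, and leave the language-pack feature off (lang_switch_on not set to true) where switching is not needed.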