What is CVE-2022-47945?

CVE-2022-47945 is a vulnerability in N/a. Published 2022-12-23.

Is CVE-2022-47945 known to be exploited?

5 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in N/a

CVE-2022-47945

ThinkPHP Framework before 6.0.14 allows local file inclusion via the lang parameter when the language pack feature is enabled (lang_switch_on=true). An unauthenticated and remote attacker can exploit this to execute arbitrary operating sys…

EPSS: 0.899 (99.6th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

ARPSyndicate/kenzer-templates
Ostorlab/KEV
altilunium/redtail
duggytuxy/Intelligence_
duggytuxy/malicious_

References

tttang.com/archive/1865/
github.com/top-think/framework/commit/c4acb8b4001b98a0078eda25840d33e295a7f099
github.com/top-think/framework/compare/v6.0.13...v6.0.14

Frequently asked questions

What is CVE-2022-47945?: CVE-2022-47945 is a vulnerability in N/a. Published 2022-12-23.
Is CVE-2022-47945 known to be exploited?: 5 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.