Vulnerability CVE-2022-25481


Published: 2022-03-21

Description:
ThinkPHP Framework v5.0.24 was discovered to be configured without the PATHINFO parameter. This allows attackers to access all system environment parameters from index.php.

 References:
https://github.com/Lyther/VulnDiscover/blob/master/Web/ThinkPHP_InfoLeak.md

Copyright 2026, cxsecurity.com

 

Back to Top