Vulnerability Details CVE-2022-25481
ThinkPHP Framework v5.0.24 was discovered to be configured without the PATHINFO parameter. This allows attackers to access all system environment parameters from index.php. NOTE: this is disputed by a third party because system environment exposure is an intended feature of the debugging mode.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.44
EPSS Ranking 97.4%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 5.0
References