Headline
CVE-2022-47945: Comparing v6.0.13...v6.0.14 · top-think/framework
ThinkPHP Framework before 6.0.14 allows local file inclusion via the lang parameter when the language pack feature is enabled (lang_switch_on=true). An unauthenticated and remote attacker can exploit this to execute arbitrary operating system commands, as demonstrated by including pearcmd.php.
Skip to content
Actions
Automate any workflow
Packages
Host and manage packages
Security
Find and fix vulnerabilities
Codespaces
Instant dev environments
Copilot
Write better code with AI
Code review
Manage code changes
Issues
Plan and track work
Discussions
Collaborate outside of code
* Explore
* All features
* Documentation
* GitHub Skills
* Blog
For
Enterprise
Teams
Startups
Education
By Solution
CI/CD & Automation
DevOps
DevSecOps
Case Studies
Customer Stories
Resources
GitHub Sponsors
Fund open source developers
* The ReadME Project
GitHub community articles
* Repositories
* Topics
* Trending
* Collections
Pricing
Notifications
Fork 1k
Code
Issues 303
Pull requests 58
Actions
Security
Insights
Permalink
Comparing changes
Choose two branches to see what’s changed or to start a new pull request. If you need to, you can also .
Open a pull request
Create a new pull request by comparing changes across two branches. If you need to, you can also .
base repository: top-think/framework base: v6.0.13
head repository: top-think/framework compare: v6.0.14
- 4 commits
- 4 files changed
- 2 contributors
Commits on Jul 15, 2022
Commits on Sep 14, 2022
Commits on Oct 25, 2022
Related news
Cybersecurity researchers are calling attention to a spike in automated attacks targeting PHP servers, IoT devices, and cloud gateways by various botnets such as Mirai, Gafgyt, and Mozi. "These automated campaigns exploit known CVE vulnerabilities and cloud misconfigurations to gain control over exposed systems and expand botnet networks," the Qualys Threat Research Unit (TRU) said in a report