ThinkPHP Framework 5.1.x < 5.1.31 Arbitrary File Read

medium Web App Scanning Plugin ID 113334

Synopsis

ThinkPHP Framework 5.1.x < 5.1.31 Arbitrary File Read

Description

A vulnerability exists in ThinkPHP Framework 5.1.x versions prior to 5.1.31. If the site is configured in debug mode, an attacker can read arbitrary files on the system because user-supplied input is not properly sanitized.

Solution

Disable debug mode or upgrade to ThinkPHP Framework version 5.1.31 or later.

See Also

https://twitter.com/momika233/status/1548852756160876544

Plugin Details

Severity: Medium

ID: 113334

Type: remote

Published: 8/8/2022

Updated: 8/8/2022

Scan Template: basic, full, pci, scan

Risk Information

VPR

Risk Factor: Low

Score: 2.9

CVSS v2

Risk Factor: Medium

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS Score Source: Tenable

CVSS v3

Risk Factor: Medium

Base Score: 5.3

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CVSS Score Source: Tenable

Vulnerability Information

Exploit Available: true

Reference Information