CVE-2022-47945 — AI Deep Analysis Summary

🚨 **Essence**: ThinkPHP Framework < 6.0.14 has a **Path Traversal/LFI** flaw.…

🛡️ **Root Cause**: The `lang` parameter is not sanitized when **Language Pack Feature** (`lang_switch_on=true`) is enabled.…

🎯 **Affected**: ThinkPHP Framework versions **before 6.0.14**. 📦 **Component**: Core framework logic handling language switching. 📅 **Vendor**: Top Think Information Technology. 🇨🇳

💻 **Privileges**: **Remote Code Execution (RCE)**. 🗑️ **Data**: Full control over the underlying OS.…

🔓 **Threshold**: **Low/Medium**. ✅ **Auth**: Unauthenticated. 📝 **Config**: Requires `lang_switch_on=true` to be enabled in the application config. 🌐 **Network**: Remote exploitation possible. 🚀

🔥 **Exploit**: **Yes**. 📄 **PoC**: Public Nuclei template available on GitHub. 🌍 **Status**: Known technique (using `pearcmd.php`) demonstrated.…

🔍 **Check 1**: Verify ThinkPHP version (< 6.0.14). 📝 **Check 2**: Look for `lang_switch_on=true` in config. 🧪 **Scan**: Use Nuclei template `CVE-2022-47945.yaml`. 🛠️ **Tool**: ProjectDiscovery Nuclei. 📡

✅ **Fixed**: Yes. 📦 **Patch**: Upgrade to **ThinkPHP 6.0.14** or later. 🔗 **Commit**: See official GitHub commit `c4acb8b`. 🔄 **Action**: Immediate update recommended. 🛡️

🚫 **Workaround**: Disable language switching by setting `lang_switch_on=false` in config. 🧱 **Mitigation**: Block external access to `lang` parameter if possible. 🛑 **Note**: Not a permanent fix; patching is superior. ⏳

🚨 **Priority**: **CRITICAL**. 🔴 **Urgency**: High. ⚡ **Reason**: Unauthenticated RCE with public PoC. 🏃 **Action**: Patch immediately to prevent server compromise. 🆘