CVE-2024-34467 Information

Description

ThinkPHP 8.0.3 allows remote attackers to discover the PHPSESSION cookie because think_exception.tpl (aka the debug error output source code) provides this in an error message for a crafted URI in a GET request.

Reference

https://github.com/top-think/framework/issues/2996