CVE-2018-11031

Name of the Vulnerable Software and Affected Versions PHPRAP versions 1.0.4 through 1.0.8

Description The issue concerns a Server-Side Request Forgery (SSRF) vulnerability. It can be exploited via the /debug URI by sending a POST request with specific parameters, such as api[url]=file:////etc/passwd and api[method]=get. This allows an attacker to access internal resources.

Recommendations For PHPRAP versions 1.0.4 through 1.0.8, as a temporary workaround, consider disabling access to the /debug URI until a patch is available. Restrict the use of the api[url] and api[method] parameters in the affected API endpoint to minimize the risk of exploitation.