PT-2021-21823 · Unknown · Phpfastcache

Jhhua · Published 2021-08-12 · Updated 2022-10-27 · CVE-2021-37704

CVSS v3.1: 5.4 Medium
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L
Name of the Vulnerable Software and Affected Versions

PhpFastCache versions prior to 6.1.5
PhpFastCache versions prior to 7.1.2
PhpFastCache versions prior to 8.0.7

Description

The issue concerns the exposure of phpinfo() when the /vendor directory is not protected from public access. This situation is rare today, as the vendor directory is often located outside the web directory or protected via server rules.

Recommendations

For versions prior to 6.1.5, update to version 6.1.5 or later.
For versions prior to 7.1.2, update to version 7.1.2 or later.
For versions prior to 8.0.7, update to version 8.0.7 or later.
As a temporary workaround, protect the /vendor directory from public access.
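
A local audit for the condition described above, added here as an example and not taken from the advisory or from the Phpfastcache project: it looks for Composer vendor trees located inside a web root and compares the installed Phpfastcache version with the fixed releases listed above. It assumes the library was installed with Composer under the package name phpfastcache/phpfastcache, and it cannot see server rules that may already block /vendor.

```python
import json
import re
from pathlib import Path

PACKAGE = "phpfastcache/phpfastcache"  # assumption: installed via Composer
# First fixed release per branch, taken from the advisory text above.
FIXED = {6: (6, 1, 5), 7: (7, 1, 2), 8: (8, 0, 7)}


def parse_version(text):
    """Turn 'v8.0.6' or '7.1.2' into (8, 0, 6); None for dev/branch versions."""
    m = re.match(r"v?(\d+)\.(\d+)\.(\d+)", text.strip())
    return tuple(int(p) for p in m.groups()) if m else None


def is_affected(version):
    """Assumption: releases older than 6.x are measured against 6.1.5 and
    branches newer than 8.x already contain the fix."""
    v = parse_version(version)
    if v is None:
        return None  # cannot decide automatically, review by hand
    if v[0] > 8:
        return False
    return v < FIXED[max(v[0], 6)]


def audit_docroot(docroot):
    """Report Phpfastcache installs whose vendor tree sits inside the web root."""
    findings = []
    for manifest in sorted(Path(docroot).rglob("vendor/composer/installed.json")):
        data = json.loads(manifest.read_text(encoding="utf-8"))
        # Composer 2 wraps the list in {"packages": [...]}; Composer 1 is a bare list.
        packages = data["packages"] if isinstance(data, dict) else data
        for pkg in packages:
            if pkg.get("name", "").lower() == PACKAGE:
                findings.append({
                    "vendor_dir": str(manifest.parent.parent),
                    "version": pkg.get("version", ""),
                    "affected": is_affected(pkg.get("version", "")),
                })
    return findings


if __name__ == "__main__":
    import sys
    for finding in audit_docroot(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(finding)
```

Any vendor_dir it reports lies under the web root, so it should be moved outside it or blocked by a server rule even when the installed version is already fixed.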

Exploit

Fix

Information Disclosure

Exposure of Resource to Wrong Sphere

Weakness Enumeration

Related Identifiers

CVE-2021-37704
GHSA-CVH5-P6R6-G2QC

Affected Products

Phpfastcache