Vulnerability Details : CVE-2021-37704
Potential exploit
PhpFastCache is a high-performance backend cache system (packagist package phpfastcache/phpfastcache). In versions before 6.1.5, 7.1.2, and 8.0.7 the `phpinfo()` can be exposed if the `/vendor` is not protected from public access. This is a rare situation today since the vendor directory is often located outside the web directory or protected via server rule (.htaccess, etc). Only the v6, v7 and v8 will be patched respectively in 8.0.7, 7.1.2, 6.1.5. Older versions such as v5, v4 are not longer supported and will **NOT** be patched. As a workaround, protect the `/vendor` directory from public access.
Vulnerability category: Information leak
Products affected by CVE-2021-37704
- cpe:2.3:a:phpfastcache:phpfastcache:*:*:*:*:*:*:*:*
- cpe:2.3:a:phpfastcache:phpfastcache:*:*:*:*:*:*:*:*
- cpe:2.3:a:phpfastcache:phpfastcache:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2021-37704
47.80%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 97 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2021-37704
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
4.0
|
MEDIUM | AV:N/AC:L/Au:S/C:P/I:N/A:N |
8.0
|
2.9
|
NIST | |
|
4.3
|
MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N |
2.8
|
1.4
|
NIST | |
|
5.4
|
MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L |
2.8
|
2.5
|
GitHub, Inc. |
CWE ids for CVE-2021-37704
-
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.Assigned by: security-advisories@github.com (Secondary)
-
The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource.Assigned by: nvd@nist.gov (Primary)
References for CVE-2021-37704
-
https://github.com/flextype/flextype/issues/567
phpinfo (phpinfo.php) shows PHP information including values of HttpOnly cookies. · Issue #567 · flextype/flextype · GitHubExploit;Issue Tracking;Third Party Advisory
-
https://packagist.org/packages/phpfastcache/phpfastcache
phpfastcache/phpfastcache - PackagistProduct;Third Party Advisory
-
https://github.com/PHPSocialNetwork/phpfastcache/pull/815
[V6] Fixed vulnerability issue that cause exposed phpinfo() in some situations by Geolim4 · Pull Request #815 · PHPSocialNetwork/phpfastcache · GitHubThird Party Advisory
-
https://github.com/PHPSocialNetwork/phpfastcache/pull/813
[V8] Fixed vulnerability issue that cause exposed phpinfo() in some situations by Geolim4 · Pull Request #813 · PHPSocialNetwork/phpfastcache · GitHubPatch;Third Party Advisory
-
https://github.com/PHPSocialNetwork/phpfastcache/blob/master/CHANGELOG.md#807
phpfastcache/CHANGELOG.md at master · PHPSocialNetwork/phpfastcache · GitHubRelease Notes;Third Party Advisory
-
https://github.com/PHPSocialNetwork/phpfastcache/security/advisories/GHSA-cvh5-p6r6-g2qc
Exposed phpinfo() leadked via documentation files · Advisory · PHPSocialNetwork/phpfastcache · GitHubThird Party Advisory
-
https://github.com/PHPSocialNetwork/phpfastcache/pull/814
[V7] Fixed vulnerability issue that cause exposed phpinfo() in some situations by Geolim4 · Pull Request #814 · PHPSocialNetwork/phpfastcache · GitHubThird Party Advisory
-
https://github.com/PHPSocialNetwork/phpfastcache/commit/41a77d0d8f126dbd6fbedcd9e6a82e86cdaafa51
Merge pull request #813 from Geolim4/master · PHPSocialNetwork/phpfastcache@41a77d0 · GitHubPatch;Third Party Advisory
Jump to