CVE Vulnerability Details: CVE-2021-37704
PUBLISHED
Assigner: GitHub_M
Assigner Org ID: a0819718-46f1-4df5-94e2-005712e83aaa
Published At: 12 Aug, 2021 | 20:05
Updated At: 04 Aug, 2024 | 01:23

CVE Numbering Authority (CNA)
Exposed phpinfo() in PhpFastCache

PhpFastCache is a high-performance backend cache system (Packagist package phpfastcache/phpfastcache). In versions before 6.1.5, 7.1.2, and 8.0.7, `phpinfo()` output can be exposed if the `/vendor` directory is not protected from public access. This is a rare situation today, since the vendor directory is often located outside the web directory or protected via a server rule (.htaccess, etc.). Only v6, v7 and v8 will be patched, in 6.1.5, 7.1.2 and 8.0.7 respectively. Older versions such as v5 and v4 are no longer supported and will **NOT** be patched. As a workaround, protect the `/vendor` directory from public access.

Affected Products
Vendor: PHPSocialNetwork
Product: phpfastcache
Versions (affected):
  • < 6.1.5
  • >= 7.0.0, < 7.1.2
  • >= 8.0.0, < 8.0.7

Problem Types
Type | CWE ID | Description
CWE | CWE-200 | CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

Metrics
Version | Base score | Base severity | Vector
3.1 | 5.4 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L

References
Hyperlink | Resource
https://github.com/PHPSocialNetwork/phpfastcache/security/advisories/GHSA-cvh5-p6r6-g2qc | x_refsource_CONFIRM
https://github.com/flextype/flextype/issues/567 | x_refsource_MISC
https://github.com/PHPSocialNetwork/phpfastcache/pull/813 | x_refsource_MISC
https://github.com/PHPSocialNetwork/phpfastcache/pull/814 | x_refsource_MISC
https://github.com/PHPSocialNetwork/phpfastcache/pull/815 | x_refsource_MISC
https://github.com/PHPSocialNetwork/phpfastcache/commit/41a77d0d8f126dbd6fbedcd9e6a82e86cdaafa51 | x_refsource_MISC
https://github.com/PHPSocialNetwork/phpfastcache/blob/master/CHANGELOG.md#807 | x_refsource_MISC
https://packagist.org/packages/phpfastcache/phpfastcache | x_refsource_MISC

Authorized Data Publishers (ADP)
CVE Program Container
References
Hyperlink | Resource
https://github.com/PHPSocialNetwork/phpfastcache/security/advisories/GHSA-cvh5-p6r6-g2qc | x_refsource_CONFIRM, x_transferred
https://github.com/flextype/flextype/issues/567 | x_refsource_MISC, x_transferred
https://github.com/PHPSocialNetwork/phpfastcache/pull/813 | x_refsource_MISC, x_transferred
https://github.com/PHPSocialNetwork/phpfastcache/pull/814 | x_refsource_MISC, x_transferred
https://github.com/PHPSocialNetwork/phpfastcache/pull/815 | x_refsource_MISC, x_transferred
https://github.com/PHPSocialNetwork/phpfastcache/commit/41a77d0d8f126dbd6fbedcd9e6a82e86cdaafa51 | x_refsource_MISC, x_transferred
https://github.com/PHPSocialNetwork/phpfastcache/blob/master/CHANGELOG.md#807 | x_refsource_MISC, x_transferred
https://packagist.org/packages/phpfastcache/phpfastcache | x_refsource_MISC, x_transferred