CVE-2021-37704
Description
PhpFastCache is a high-performance backend cache system (packagist package phpfastcache/phpfastcache). In versions before 6.1.5, 7.1.2, and 8.0.7 the phpinfo()
can be exposed if the /vendor
is not protected from public access. This is a rare situation today since the vendor directory is often located outside the web directory or protected via server rule (.htaccess, etc). Only the v6, v7 and v8 will be patched respectively in 8.0.7, 7.1.2, 6.1.5. Older versions such as v5, v4 are not longer supported and will **NOT** be patched. As a workaround, protect the /vendor
directory from public access.
NVD
Severity: MEDIUM
CVE ID: CVE-2021-37704
CVSS Score: 4.3
CVSS Metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
GitHub, Inc.
Severity: MEDIUM
CVE ID: CVE-2021-37704
CVSS Score: 5.4
CVSS Metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L
Proof Of Concept
Nuclei Templates for CVE-2021-37704
Refrence: Project Discovery GitHub