CVE-2021-37704

Description

PhpFastCache is a high-performance backend cache system (packagist package phpfastcache/phpfastcache). In versions before 6.1.5, 7.1.2, and 8.0.7 the phpinfo() can be exposed if the /vendor is not protected from public access. This is a rare situation today since the vendor directory is often located outside the web directory or protected via server rule (.htaccess, etc). Only the v6, v7 and v8 will be patched respectively in 8.0.7, 7.1.2, 6.1.5. Older versions such as v5, v4 are not longer supported and will **NOT** be patched. As a workaround, protect the /vendor directory from public access.

NVD
Severity: MEDIUM
CVE ID: CVE-2021-37704
CVSS Score: 4.3
CVSS Metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

GitHub, Inc.
Severity: MEDIUM
CVE ID: CVE-2021-37704
CVSS Score: 5.4
CVSS Metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L

Refrence: NVD MITRE

Proof Of Concept

Nuclei Templates for CVE-2021-37704

Refrence: Project Discovery GitHub

Description​

Proof Of Concept​

Description

Proof Of Concept