CVE-2021-37704

MEDIUM NUCLEI

Phpfastcache < 6.1.5 - Information Disclosure

Title source: rule

Description

PhpFastCache is a high-performance backend cache system (Packagist package phpfastcache/phpfastcache). In versions before 6.1.5, 7.1.2, and 8.0.7, `phpinfo()` output can be exposed if the `/vendor` directory is not protected from public access. This is a rare situation today, since the vendor directory is often located outside the web directory or protected by a server rule (.htaccess, etc.). Only v6, v7 and v8 will be patched, in 6.1.5, 7.1.2 and 8.0.7 respectively. Older versions such as v5 and v4 are no longer supported and will **NOT** be patched. As a workaround, protect the `/vendor` directory from public access.

Nuclei Templates (1)

phpfastcache - phpinfo Resource Exposure
MEDIUM by whoever

Scores

CVSS v3 5.4
EPSS 0.4780
EPSS Percentile 97.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L

Classification

CWE
CWE-200 CWE-668
Status published

Affected Products (2)

phpfastcache/phpfastcache < 6.1.5
phpfastcache/phpfastcache < 6.1.5 Packagist

Timeline

Published Aug 12, 2021
Tracked Since Feb 18, 2026