CVE-2021-37704
MEDIUM NUCLEI Phpfastcache < 6.1.5 - Information Disclosure
PhpFastCache is a high-performance backend cache system (Packagist package phpfastcache/phpfastcache). In versions before 6.1.5, 7.1.2, and 8.0.7, `phpinfo()` can be exposed if the `/vendor` directory is not protected from public access. This is a rare situation today, since the vendor directory is often located outside the web directory or protected by a server rule (.htaccess, etc.). Only v6, v7 and v8 will be patched, in 6.1.5, 7.1.2 and 8.0.7 respectively. Older versions such as v5 and v4 are no longer supported and will **NOT** be patched. As a workaround, protect the `/vendor` directory from public access.
Nuclei Templates (1)
phpfastcache - phpinfo Resource Exposure
MEDIUM by whoever
References (8)
Core References
Third Party Advisory x_refsource_confirm
https://github.com/PHPSocialNetwork/phpfastcache/security/advisories/GHSA-cvh5-p6r6-g2qc
Exploit, Issue Tracking, Third Party Advisory x_refsource_misc
https://github.com/flextype/flextype/issues/567
Patch, Third Party Advisory x_refsource_misc
https://github.com/PHPSocialNetwork/phpfastcache/pull/813
Third Party Advisory x_refsource_misc
https://github.com/PHPSocialNetwork/phpfastcache/pull/814
Third Party Advisory x_refsource_misc
https://github.com/PHPSocialNetwork/phpfastcache/pull/815
Patch, Third Party Advisory x_refsource_misc
https://github.com/PHPSocialNetwork/phpfastcache/commit/41a77d0d8f126dbd6fbedcd9e6a82e86cdaafa51
Release Notes, Third Party Advisory x_refsource_misc
https://github.com/PHPSocialNetwork/phpfastcache/blob/master/CHANGELOG.md#807
Product, Third Party Advisory x_refsource_misc
https://packagist.org/packages/phpfastcache/phpfastcache
Scores
CVSS v3
5.4
EPSS
0.4780
EPSS Percentile
97.7%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L
Details
CWE
CWE-200
CWE-668
Status
published
Products (2)
phpfastcache/phpfastcache
< 6.1.5
phpfastcache/phpfastcache
0 - 6.1.5 Packagist
Published
Aug 12, 2021
Tracked Since
Feb 18, 2026