Description

Phpfastcache exposes phpinfo() if the "/vendor" directory is not protected from public access. It discloses sensitive information and an attacker could use it to conduct further attacks.

Remediation

Upgrade to the latest version of Phpfastcache

References

Exposed phpinfo() leaked via documentation files (CVE-2021-37704)

Related Vulnerabilities

[Possible] Internal Path Disclosure (Windows)

WordPress Plugin WordPress File Upload Multiple Vulnerabilities (2.7.6)

WordPress Plugin Backup Migration Arbitrary File Download (1.3.6)

JBoss BSHDeployer MBean

Laravel Terminal open

Severity

Medium

Classification

CVE-2021-37704 CWE-200 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Configuration Information Disclosure