Description

Phpfastcache exposes phpinfo() if the "/vendor" directory is not protected from public access. It discloses sensitive information and an attacker could use it to conduct further attacks.

Remediation

Upgrade to the latest version of Phpfastcache

References

Exposed phpinfo() leaked via documentation files (CVE-2021-37704)

Related Vulnerabilities

WordPress 4.0.x Multiple Vulnerabilities (4.0 - 4.0.11)

WordPress 5.7.x Multiple Vulnerabilities (5.7 - 5.7.9)

Wildcard Detected in Scheme Portion of Content Security Policy (CSP) Directive

CodeIgniter development mode enabled

TYPO3 Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2009-0815)

Severity

Medium

Classification

CVE-2021-37704 CWE-200 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Configuration Information Disclosure