Description

Phpfastcache exposes phpinfo() if the "/vendor" directory is not protected from public access. It discloses sensitive information and an attacker could use it to conduct further attacks.

Remediation

Upgrade to the latest version of Phpfastcache

References

Exposed phpinfo() leaked via documentation files (CVE-2021-37704)

Related Vulnerabilities

WordPress Plugin Slideshow Information Disclosure (2.2.21)

WordPress Plugin Simple Gmail Login Stack Trace Information Disclosure (1.1.3)

WordPress 5.2.x Multiple Vulnerabilities (5.2 - 5.2.18)

WordPress Plugin Font Awesome Information Disclosure (4.0.0-rc16)

phpMyAdmin Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-6610)

Severity

Medium

Classification

CVE-2021-37704 CWE-200 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Configuration Information Disclosure