Description

Phpfastcache exposes phpinfo() if the "/vendor" directory is not protected from public access. It discloses sensitive information and an attacker could use it to conduct further attacks.

Remediation

Upgrade to the latest version of Phpfastcache

References

Exposed phpinfo() leaked via documentation files (CVE-2021-37704)

Related Vulnerabilities

WordPress Plugin WordPress File Upload Multiple Vulnerabilities (2.7.6)

WordPress Plugin JM Twitter Cards Information Disclosure (6.1)

XML External Entity Injection via external file

Apache Tomcat version older than 7.0.23

Plone CMS Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2013-4194)

Severity

Medium

Classification

CVE-2021-37704 CWE-200 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Configuration Information Disclosure