CVE-2021-37704
Published: 2021-08-12
Priority: P3 · 35 · medium · 4.3 (CVSS 3.1)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
EXPLOIT
EPSS: 6.13% (92.6th percentile)
PhpFastCache is a high-performance backend cache system (packagist package phpfastcache/phpfastcache). In versions before 6.1.5, 7.1.2, and 8.0.7, `phpinfo()` output can be exposed if the `/vendor` directory is not protected from public access. This is a rare situation today, since the vendor directory is often located outside the web directory or protected by a server rule (.htaccess, etc.). Only v6, v7 and v8 will be patched, in 6.1.5, 7.1.2 and 8.0.7 respectively. Older versions such as v5 and v4 are no longer supported and will **NOT** be patched. As a workaround, protect the `/vendor` directory from public access.
Affected
9 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| phpfastcache | phpfastcache | < 6.1.5 | 6.1.5 |
| phpfastcache | phpfastcache | >= 0 < 6.1.5 | 6.1.5 |
| phpfastcache | phpfastcache | >= 7.0.0 < 7.1.2 | 7.1.2 |
| phpfastcache | phpfastcache | >= 7.0.0 < 7.1.2 | 7.1.2 |
| phpfastcache | phpfastcache | >= 8.0.0 < 8.0.7 | 8.0.7 |
| phpfastcache | phpfastcache | >= 8.0.0 < 8.0.7 | 8.0.7 |
| phpsocialnetwork | phpfastcache | < 6.1.5 | 6.1.5 |
| phpsocialnetwork | phpfastcache | — | — |
| phpsocialnetwork | phpfastcache | — | — |
Detection & IOCs
- HTTP GET request to either phpinfo.php path returns HTTP 200 with both 'PHP Extension' AND 'PHP Version' in the response body, indicating exposed phpinfo() output.
- Extract the exposed PHP version from the response body using the regex pattern '>PHP Version ([0-9.]+)' to confirm exploitation and enumerate the target environment.
- Stop scanning at first match: probe /docs/examples/phpinfo.php first, then fall back to /examples/phpinfo.php; a hit on either confirms the vendor directory is publicly accessible.
- This is a rare/low-impact scenario in modern deployments where the vendor directory is typically outside the web root or protected by server rules (.htaccess, etc.).
- The Nuclei template requires exactly 2 HTTP requests maximum (max-request: 2), one per candidate path, stopping at first positive match.
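CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 4.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N |
| nvd | v2.0 | 4.0 | MEDIUM | AV:N/AC:L/Au:S/C:P/I:N/A:N |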
GHSA
Exposed phpinfo() leaked via documentation files
ghsa·2021-08-30
CVE-2021-37704 [MEDIUM] CWE-200 Exposed phpinfo() leaked via documentation files
### Impact
`phpinfo()` output can be exposed if the `/vendor` directory is not protected from public access. This is a rare situation today, since the vendor directory is often located outside the web directory or protected by a server rule (.htaccess, etc.).
### Patches
Only v6, v7 and v8 will be patched, in 6.1.5, 7.1.2 and 8.0.7 respectively.
Older versions such as v5 and v4 are no longer supported and will **NOT** be patched.
### Workarounds
Protect the `/vendor` directory from public access.
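
An added example (not from the advisory or the phpfastcache project): a local, offline audit of one Composer project. It checks the locked phpfastcache version against the fixed releases listed above, reports whether the vendor directory sits inside the document root, and lists any leftover phpinfo example files. It assumes Composer's default `vendor/` directory and that the two example paths from the detection notes are relative to the package directory; `is_affected` and `audit` are hypothetical names.

```python
import json
import re
from pathlib import Path

PACKAGE = "phpfastcache/phpfastcache"
# First fixed release per major line, as listed in the advisory.
FIXED = {6: (6, 1, 5), 7: (7, 1, 2), 8: (8, 0, 7)}
# Paths from the detection notes; assumed relative to the package directory.
EXAMPLE_PATHS = ("docs/examples/phpinfo.php", "examples/phpinfo.php")


def is_affected(version):
    """True/False per the affected ranges above; None if not an x.y.z version."""
    m = re.match(r"v?(\d+)\.(\d+)\.(\d+)", version)
    if m is None:
        return None  # dev branch or alias: review by hand
    v = tuple(int(part) for part in m.groups())
    if v[0] < 6:
        return True  # v4 and v5 are unsupported and will not be patched
    fixed = FIXED.get(v[0])
    return fixed is not None and v < fixed


def audit(project_root, docroot):
    """Check one Composer project on disk; performs no network requests."""
    root = Path(project_root).resolve()
    lock = json.loads((root / "composer.lock").read_text())
    packages = lock.get("packages", []) + lock.get("packages-dev", [])
    version = next((p["version"] for p in packages if p["name"] == PACKAGE), None)
    pkg_dir = root / "vendor" / PACKAGE  # assumes Composer's default vendor-dir
    return {
        "version": version,
        "affected": is_affected(version) if version else None,
        # Inside the docroot, only a server rule keeps these files private.
        "vendor_in_docroot": Path(docroot).resolve() in pkg_dir.parents,
        "phpinfo_files": [p for p in EXAMPLE_PATHS if (pkg_dir / p).is_file()],
    }


if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as tmp:  # constructed sample project
        demo = Path(tmp, "vendor", PACKAGE, "docs", "examples")
        demo.mkdir(parents=True)
        (demo / "phpinfo.php").write_text("<?php phpinfo();")
        lock = {"packages": [{"name": PACKAGE, "version": "8.0.6"}]}
        Path(tmp, "composer.lock").write_text(json.dumps(lock))
        print(audit(tmp, tmp))
```

A project that reports `affected: true` together with `vendor_in_docroot: true` is the combination the workaround addresses first.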
### References
The first issue revealing this vulnerability is located here: https://github.com/flextype/flextype/issues/567
V6 fix: https://github.com/PHPSocialNetwork/phpfastcache/pull/815
V7 fix: https://github.com/PHPSocialNetwork/phpfastcache/pull/814
V8 fi
OSV
Exposed phpinfo() leaked via documentation files
osv·2021-08-30
CVE-2021-37704 [MEDIUM] Exposed phpinfo() leaked via documentation files
No detection rules found.
Nuclei
phpfastcache - phpinfo Resource Exposure
nuclei·CVSS 4.3
CVE-2021-37704 [MEDIUM] phpfastcache - phpinfo Resource Exposure
phpinfo() is susceptible to resource exposure in unprotected composer vendor folders via phpfastcache/phpfastcache.
Template:
```yaml
id: CVE-2021-37704

info:
  name: phpfastcache - phpinfo Resource Exposure
  author: whoever
  severity: medium
  description: phpinfo() is susceptible to resource exposure in unprotected composer vendor folders via phpfastcache/phpfastcache.
  impact: |
    An attacker can gain access to sensitive information, such as server configuration details, PHP version, and installed extensions.
  remediation: |
    Remove or restrict access to the phpinfo.php file in the phpfastcache library.
  reference:
    - https://github.com/PHPSocialNetwork/phpfastcache/pull/813
    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37704
    - https://github.com/PHPS
```
No writeups or analysis indexed.
- https://github.com/PHPSocialNetwork/phpfastcache/blob/master/CHANGELOG.md#807
- https://github.com/PHPSocialNetwork/phpfastcache/commit/41a77d0d8f126dbd6fbedcd9e6a82e86cdaafa51
- https://github.com/PHPSocialNetwork/phpfastcache/pull/813
- https://github.com/PHPSocialNetwork/phpfastcache/pull/814
- https://github.com/PHPSocialNetwork/phpfastcache/pull/815
- https://github.com/PHPSocialNetwork/phpfastcache/security/advisories/GHSA-cvh5-p6r6-g2qc
- https://github.com/flextype/flextype/issues/567
- https://packagist.org/packages/phpfastcache/phpfastcache
Published: 2021-08-12