Exploit for phpfastcache - phpinfo Resource Exposure (CVE-2021-37704)

Description:

phpfastcache/phpfastcache is susceptible to resource exposure: phpinfo() output can be exposed in unprotected composer vendor folders.

Nuclei Template

View the template here: CVE-2021-37704.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2021/CVE-2021-37704.yaml

References:

https://nvd.nist.gov/vuln/detail/CVE-2021-37704
https://packagist.org/packages/phpfastcache/phpfastcache
https://github.com/PHPSocialNetwork/phpfastcache/security/advisories/GHSA-cvh5-p6r6-g2qc
https://github.com/PHPSocialNetwork/phpfastcache/pull/813
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37704
https://github.com/PHPSocialNetwork/phpfastcache/blob/master/CHANGELOG.md#807
https://github.com/PHPSocialNetwork/phpfastcache/commit/41a77d0d8f126dbd6fbedcd9e6a82e86cdaafa51