Описание
PhpFastCache is a high-performance backend cache system (packagist package phpfastcache/phpfastcache). In versions before 6.1.5, 7.1.2, and 8.0.7 the phpinfo() can be exposed if the /vendor is not protected from public access. This is a rare situation today since the vendor directory is often located outside the web directory or protected via server rule (.htaccess, etc). Only the v6, v7 and v8 will be patched respectively in 8.0.7, 7.1.2, 6.1.5. Older versions such as v5, v4 are not longer supported and will NOT be patched. As a workaround, protect the /vendor directory from public access.
Ссылки
- Release NotesThird Party Advisory
- PatchThird Party Advisory
- PatchThird Party Advisory
- Third Party Advisory
- Third Party Advisory
- Third Party Advisory
- ExploitIssue TrackingThird Party Advisory
- ProductThird Party Advisory
- Release NotesThird Party Advisory
- PatchThird Party Advisory
- PatchThird Party Advisory
- Third Party Advisory
- Third Party Advisory
- Third Party Advisory
- ExploitIssue TrackingThird Party Advisory
- ProductThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 6.1.5 (исключая)Версия от 7.0.0 (включая) до 7.1.2 (исключая)Версия от 8.0.0 (включая) до 8.0.7 (исключая)
Одно из
cpe:2.3:a:phpfastcache:phpfastcache:*:*:*:*:*:*:*:*
cpe:2.3:a:phpfastcache:phpfastcache:*:*:*:*:*:*:*:*
cpe:2.3:a:phpfastcache:phpfastcache:*:*:*:*:*:*:*:*
EPSS
Процентиль: 98%
0.5314
Средний
5.4 Medium
CVSS3
4.3 Medium
CVSS3
4 Medium
CVSS2
Дефекты
CWE-200
CWE-668
Связанные уязвимости
CVSS3: 5.4
github
больше 4 лет назад
Exposed phpinfo() leadked via documentation files
EPSS
Процентиль: 98%
0.5314
Средний
5.4 Medium
CVSS3
4.3 Medium
CVSS3
4 Medium
CVSS2
Дефекты
CWE-200
CWE-668