phpinfo (phpinfo.php) shows PHP information including values of HttpOnly cookies. #567
Comments
|
Access to vendor folder is closed here: And you can't access here: |
|
Thanks, I found this vulnerability, it's between 0.9.12 and 0.9.16 via, it's not very dangerous |
|
Hello, I have been notified today by mail of a potential vulnerability in Phpfastcache. I take this alert very seriously and am working on it to push a fix tonight, along with a CVE if needed. This is very old code (2016) located in the /docs directory that should not be here. Thank you. |
|
@Geolim4 Thanks! |
|
A CVE has been released and published here: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37704 Thanks :D |
All 0.9.x versions (prior to 0.9.16) are affected.
System information leak (phpinfo()) vulnerability in flextype 0.9.16 via the phpinfo() parameter to 1) flextype/vendor/phpfastcache/phpfastcache/docs/examples/phpinfo.php, 2) flextype/vendor/phpfastcache/phpfastcache/docs/examples/index.php
It allows remote attackers to obtain configuration information via a phpinfo action in a request to phpinfo.php, index.php, which calls the phpinfo function.
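
An added example, not part of the original issue and not code from Flextype or Phpfastcache: a heuristic audit that walks a deployed tree and lists the `.php` files that call `phpinfo()`, so leftover example scripts like the two named above can be found before release. The function names and the sample file bodies are assumptions constructed for illustration; only the two directory paths come from the report.

```python
import os
import re
import tempfile

# Heuristic scanner (not a full PHP parser): look only inside <?php ... ?> blocks,
# drop comments, blank out string literals, then look for a direct phpinfo( call.
_PHP_BLOCK = re.compile(r"<\?(?:php|=)?(.*?)(?:\?>|\Z)", re.DOTALL | re.IGNORECASE)
_TOKEN = re.compile(
    r"""'(?:\\.|[^'\\])*'|"(?:\\.|[^"\\])*"|/\*.*?\*/|//[^\n]*|#[^\n]*""", re.DOTALL)
_CALL = re.compile(r"(?<![\w$>:])phpinfo\s*\(", re.IGNORECASE)

def calls_phpinfo(source):
    """True if PHP source contains a direct phpinfo() call outside comments/strings."""
    code = "\n".join(_PHP_BLOCK.findall(source))
    code = _TOKEN.sub(lambda m: "''" if m.group(0)[0] in "'\"" else " ", code)
    return bool(_CALL.search(code))

def find_phpinfo_files(root):
    """Return sorted root-relative paths of .php files that call phpinfo()."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower().endswith(".php"):
                path = os.path.join(dirpath, name)
                with open(path, encoding="utf-8", errors="replace") as fh:
                    if calls_phpinfo(fh.read()):
                        hits.append(os.path.relpath(path, root).replace(os.sep, "/"))
    return sorted(hits)

# Constructed sample tree: the two paths come from the report; file bodies are invented.
EXAMPLES = "flextype/vendor/phpfastcache/phpfastcache/docs/examples"
SAMPLE = {
    EXAMPLES + "/phpinfo.php": "<?php\nphpinfo();\n",
    EXAMPLES + "/index.php": "<html><body>it's a demo\n<?php if (isset($_GET['a'])) { PhpInfo (); } ?>",
    "flextype/src/Helper.php": "<?php\n// never call phpinfo() here\n$s = 'phpinfo()'; $o->phpinfo();\n",
}

def demo():
    with tempfile.TemporaryDirectory() as root:
        for rel, body in SAMPLE.items():
            path = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "w", encoding="utf-8") as fh:
                fh.write(body)
        return find_phpinfo_files(root)

if __name__ == "__main__":
    print("\n".join(demo()))
```

Pointing `find_phpinfo_files` at a real web root gives the list of files to delete or block at the web server; a hit inside a `vendor/` documentation directory is the pattern this issue describes.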