Vulnerabilities > CVE-2018-11031 - Server-Side Request Forgery (SSRF) vulnerability in Gouguoyin PHPrap

CVSS 9.8 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

gouguoyin

CWE-918

critical

NVD

Published: 2018-05-14

Updated: 2024-11-21

Summary

application/home/controller/debug.php in PHPRAP 1.0.4 through 1.0.8 has SSRF via the /debug URI, as demonstrated by an api[url]=file:////etc/passwd&api[method]=get POST request.

Vulnerable Configurations

Part	Description	Count
Application	Gouguoyin Gouguoyin Phprap 1.0.4 Gouguoyin Phprap 1.0.5 Gouguoyin Phprap 1.0.6 Gouguoyin Phprap 1.0.7 Gouguoyin Phprap 1.0.8	5

Common Weakness Enumeration (CWE)

CWE-918 - Server-Side Request Forgery (SSRF)

References

https://github.com/gouguoyin/phprap/issues/89
https://github.com/gouguoyin/phprap/issues/89