Vulnerabilities > CVE-2018-11031 - Server-Side Request Forgery (SSRF) vulnerability in Gouguoyin PHPrap

CVSS 10.0 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

COMPLETE

Integrity impact

COMPLETE

Availability impact

COMPLETE

network

low complexity

gouguoyin

CWE-918

critical

NVD

Published: 2018-05-14

Updated: 2018-06-19

Summary

application/home/controller/debug.php in PHPRAP 1.0.4 through 1.0.8 has SSRF via the /debug URI, as demonstrated by an api[url]=file:////etc/passwd&api[method]=get POST request.

Vulnerable Configurations

Part	Description	Count
Application	Gouguoyin Gouguoyin Phprap *	1

Common Weakness Enumeration (CWE)

CWE-918 - Server-Side Request Forgery (SSRF)

References

https://github.com/gouguoyin/phprap/issues/89