CVE-2018-11031

2022-10-0316:21:50

mitre

www.cve.org

phprap

ssrf

debug controller

9.5 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

68.8%

JSON

application/home/controller/debug.php in PHPRAP 1.0.4 through 1.0.8 has SSRF via the /debug URI, as demonstrated by an api[url]=file:////etc/passwd&api[method]=get POST request.

References

github.com/gouguoyin/phprap/issues/89