Cross site request forgery (csrf)

2018-05-1400:29:00

PRIOn knowledge base

www.prio-n.com

9.4 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

68.8%

JSON

application/home/controller/debug.php in PHPRAP 1.0.4 through 1.0.8 has SSRF via the /debug URI, as demonstrated by an api[url]=file:////etc/passwd&api[method]=get POST request.

CPENameOperatorVersion
phprapge1.0.4
phpraple1.0.8

CPE	Name	Operator	Version
	phprap	ge	1.0.4
	phprap	le	1.0.8

References

github.com/gouguoyin/phprap/issues/89