CVE-2018-11031

2018-05-1400:00:00

mitre

www.cve.org

phprap

ssrf

debug controller

AI Score

9.5

Confidence

High

EPSS

0.007

Percentile

79.9%

JSON

application/home/controller/debug.php in PHPRAP 1.0.4 through 1.0.8 has SSRF via the /debug URI, as demonstrated by an api[url]=file:////etc/passwd&api[method]=get POST request.

References

github.com/gouguoyin/phprap/issues/89