Add CVE-2021-37704 template

2021-08-14 16:22:35 +00:00 · 2021-08-14 16:22:35 +00:00 · 180219cc63
parent 51b15ff0d4
commit 180219cc63
1 changed files with 18 additions and 0 deletions
--- a/cves/2021/CVE-2021-37704.yaml
+++ b/cves/2021/CVE-2021-37704.yaml
@ -0,0 +1,18 @@
+id: CVE-2021-37704
+
+info:
+  name: phpinfo() exposure in unprotected composer vendor folder via phpfastcache/phpfastcache.
+  author: whoever
+  severity: low
+  tags: cve,composer,phpinfo
+
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}/vendor/phpfastcache/phpfastcache/docs/examples/phpinfo.php"
+    matchers:
+      - type: word
+        words:
+          - "PHP Extension"
+          - "PHP Version"
+        condition: and