VYPR
← All advisories
Moderate severityNVD Advisory· Published Aug 12, 2021· Updated Aug 4, 2024

Exposed phpinfo() in PhpFastCache

CVE-2021-37704

Description

PhpFastCache is a high-performance backend cache system (packagist package phpfastcache/phpfastcache). In versions before 6.1.5, 7.1.2, and 8.0.7 the phpinfo() can be exposed if the /vendor is not protected from public access. This is a rare situation today since the vendor directory is often located outside the web directory or protected via server rule (.htaccess, etc). Only the v6, v7 and v8 will be patched respectively in 8.0.7, 7.1.2, 6.1.5. Older versions such as v5, v4 are not longer supported and will NOT be patched. As a workaround, protect the /vendor directory from public access.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
phpfastcache/phpfastcachePackagist
< 6.1.56.1.5
phpfastcache/phpfastcachePackagist
>= 7.0.0, < 7.1.27.1.2
phpfastcache/phpfastcachePackagist
>= 8.0.0, < 8.0.78.0.7

Affected products

2

Patches

Vulnerability mechanics

Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

10

News mentions

0

No linked articles in our index yet.