Skip to main content

Phprap

2 CVEs product

Monthly

CVE-2018-11032 CRITICAL POC Act Now

PHPRAP 1.0.4 through 1.0.8 has SQL Injection via the application/home/controller/project.php search() function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Phprap
NVD GitHub
CVSS 3.0
9.8
EPSS
1.5%
CVE-2018-11031 CRITICAL POC Act Now

application/home/controller/debug.php in PHPRAP 1.0.4 through 1.0.8 has SSRF via the /debug URI, as demonstrated by an api[url]=file:////etc/passwd&api[method]=get POST request. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF PHP Phprap
NVD GitHub
CVSS 3.0
9.8
EPSS
2.0%
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

PHPRAP 1.0.4 through 1.0.8 has SQL Injection via the application/home/controller/project.php search() function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Phprap
NVD GitHub
EPSS 2% CVSS 9.8
CRITICAL POC Act Now

application/home/controller/debug.php in PHPRAP 1.0.4 through 1.0.8 has SSRF via the /debug URI, as demonstrated by an api[url]=file:////etc/passwd&api[method]=get POST request. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF PHP Phprap
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy