MidnightBSD

Advisories for gouguoyin

CVE-2018-11031 HIGH

application/home/controller/debug.php in PHPRAP 1.0.4 through 1.0.8 has SSRF via the /debug URI, as demonstrated by an api[url]=file:////etc/passwd&api[method]=get POST request.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-918,

Products Affected

Vendor Product Version
gouguoyin phprap *
CVE-2018-11032 HIGH

PHPRAP 1.0.4 through 1.0.8 has SQL Injection via the application/home/controller/project.php search() function.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-89,

Products Affected

Vendor Product Version
gouguoyin phprap *