CVE-2018-11031

9.8 CRITICAL

📋 TL;DR

CVE-2018-11031 is a Server-Side Request Forgery (SSRF) vulnerability in the PHPRAP API documentation tool. It allows attackers to make unauthorized requests from the vulnerable server to internal systems or files. This affects PHPRAP versions 1.0.4 through 1.0.8 with the debug module enabled.

💻 Affected Systems

Products:
  • PHPRAP
Versions: 1.0.4 through 1.0.8
Operating Systems: All operating systems running PHP
Default Config Vulnerable: ⚠️ Yes
Notes: Requires debug.php to be accessible. Some installations may have the debug module disabled by default.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete server compromise through internal service exploitation, sensitive file disclosure, or lateral movement to internal network resources.

🟠 Likely Case

Information disclosure of internal files (like /etc/passwd) and internal service enumeration.

🟢 If Mitigated

Limited impact if debug module is disabled or proper network segmentation prevents internal access.

🌐 Internet-Facing: HIGH - Directly exploitable via HTTP POST requests to the debug endpoint.
🏢 Internal Only: MEDIUM - Still exploitable from internal networks but requires initial access.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation is a single HTTP POST request carrying the api[url] parameter. A proof of concept is available in the project's GitHub issues.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.0.9 and later

Vendor Advisory: https://github.com/gouguoyin/phprap/issues/89

Restart Required: No

Instructions:

1. Upgrade PHPRAP to version 1.0.9 or later.
2. Replace application/home/controller/debug.php with the patched version.
3. Verify debug functionality is properly secured.

🔧 Temporary Workarounds

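Disable debug module (Linux)

Remove or restrict access to the debug.php file. The two commands are alternatives; run one of them, not both (after the rename, the original path no longer exists for chmod).

# Option A: rename the controller file
mv application/home/controller/debug.php application/home/controller/debug.php.disabled
# Option B (instead of A): leave the file in place and remove all permissions
chmod 000 application/home/controller/debug.php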

Web server access control (all platforms)

Block access to the /debug URI via web server configuration

# Apache
<Location /debug>
    Require all denied
</Location>

# Nginx
location /debug {
    deny all;
}

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate the PHPRAP server from internal resources.
  • Deploy web application firewall (WAF) rules to block SSRF patterns and access to the /debug endpoint.

🔍 How to Verify

Check if Vulnerable:

Send POST request to /debug with api[url]=file:////etc/passwd&api[method]=get and check if file contents are returned.

Check Version:

Check PHPRAP version in application configuration files or via composer show if installed via Composer.

Verify Fix Applied:

Repeat the same request after patching. The response should be an error or contain no file contents.

📡 Detection & Monitoring

Log Indicators:

  • HTTP POST requests to /debug endpoint
  • Requests with api[url] parameter containing file:// or internal IP addresses

Network Indicators:

  • Outbound connections from PHPRAP server to internal services initiated by /debug requests

SIEM Query:

source="web_access.log" AND uri="/debug" AND method="POST" AND (param="api[url]" OR param="api[method]")
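
The log indicators above, implemented as a small offline scanner. This is an added example, not part of the original advisory or of PHPRAP. The "METHOD PATH BODY" record format and the sample lines are constructed assumptions: default access logs do not record POST bodies, so the input is assumed to come from a WAF or reverse proxy that logs them.

```python
import ipaddress
from urllib.parse import parse_qs, urlsplit

# Constructed sample records in an assumed "METHOD PATH BODY" format, e.g. from
# a WAF or reverse proxy configured to log form-encoded POST bodies.
SAMPLE_LOG = [
    "POST /debug api%5Burl%5D=file%3A%2F%2F%2F%2Fetc%2Fpasswd&api%5Bmethod%5D=get",
    "POST /debug api[url]=http://10.0.0.5:8080/admin&api[method]=get",
    "POST /debug api[url]=http://127.0.0.1:6379/&api[method]=get",
    "POST /debug api[url]=https://api.example.com/v1/users&api[method]=get",
    "GET /project/list -",
]

def classify_target(url):
    """Return a reason string if an api[url] value matches a log indicator, else None."""
    try:
        parts = urlsplit(url.strip())
    except ValueError:
        return "unparseable url"
    scheme = parts.scheme.lower()
    if scheme not in ("http", "https"):
        return f"non-http scheme: {scheme or 'none'}"
    host = (parts.hostname or "").lower()
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        # A hostname rather than an IP literal; DNS resolution is out of scope here.
        return "loopback host: localhost" if host == "localhost" else None
    if not addr.is_global:
        return f"internal address: {addr}"
    return None

def scan(lines):
    """Return (line_number, reason) for POST /debug records with a suspicious api[url]."""
    hits = []
    for n, line in enumerate(lines, 1):
        method, _, rest = line.partition(" ")
        path, _, body = rest.partition(" ")
        if method != "POST" or urlsplit(path).path.rstrip("/") != "/debug":
            continue
        # parse_qs percent-decodes keys and values, so encoded brackets still match.
        for url in parse_qs(body).get("api[url]", []):
            reason = classify_target(url)
            if reason:
                hits.append((n, reason))
    return hits

if __name__ == "__main__":
    for n, reason in scan(SAMPLE_LOG):
        print(f"line {n}: {reason}")
```

Hostnames that resolve to internal addresses are not caught by this check; correlate with the network indicator above (outbound connections from the PHPRAP server) to cover that case.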
