Findings

Connected

Findings

181 open · 47 resolved this month

Needs review

	Severity	Finding	Affected Resource	Tool	Engagement	CVSS	Found
	Critical	Unauth RCE via phpinfo exposure Review CVE-2024-47176 · CISA KEV	apex-corp.prod/info.php	Nuclei	Apex-Corp Q2	9.8	2h ago
	Critical	SQLi in /api/users/search?q= UNION-based, extractable via sqlmap	/api/users/search	Agent	Apex-Corp Q2	9.1	4h ago
	Critical	Default admin creds on Jenkins master admin:admin	ci.apex-corp.prod:8080	Metasploit	Apex-Corp Q2	9.4	5h ago
	High	Outdated OpenSSL 1.0.2 CVE-2021-3711 · heap overflow	bastion.apex-corp.prod:443	Nmap	Apex-Corp Q2	7.5	6h ago
	High	SSH weak cipher: arcfour256 Legacy cipher accepted on bastion	bastion.apex-corp.prod:22	Nmap	Northwind	7.1	8h ago
	Medium	Missing X-Frame-Options header Clickjacking exposure	admin.apex-corp.com	ZAP	Apex-Corp Q2	5.4	11h ago
	Low	Server version header disclosed Apache/2.4.52 (Ubuntu)	www.apex-corp.com	Nmap	Globex Internal	3.1	1d ago

Showing 1–50 of 181 findings

Per page

Page 1 of 4

Critical Nuclei Review

Unauth RCE via phpinfo exposure

CVE-2024-47176 CISA KEV · Logged 2h ago

https://apex-corp.prod/info.php

CVSS

9.8

AV:N/AC:L/PR:N

EPSS

87%

99.2 pctile

Age

2h

Found by Agent

Status

Description

The phpinfo() page is exposed at /info.php. This discloses the server's full PHP configuration including loaded extensions and environment variables. Combined with a path traversal in the admin portal, this allowed remote code execution with apache2 privileges.

Remediation

Remove or restrict access to info.php. Configure Apache to deny public access to any phpinfo-exposing endpoints.

Agent reasoning

Found info.php during recon via directory fuzzing. Verified phpinfo output reveals register_globals off but allow_url_include=On. Pivoted to admin portal and found LFI at ?page=, chained with php://input wrapper for RCE.

Evidence · 3 files

phpinfo-exposure.png 324 KB rce-poc.txt 2 KB nuclei-output.json 8 KB

·