phpinfo() Found
Impact: Medium
Description
The phpinfo()
method in PHP reveals extensive details about the PHP environment, including configuration settings, server information, and installed extensions. While useful for debugging and configuration purposes, exposing this information in a production environment poses a security risk. Attackers can leverage the disclosed information to identify vulnerabilities and tailor their attacks accordingly.
Recommendation
Avoid exposing sensitive information by removing the phpinfo()
page or eliminating the phpinfo()
function calls from production code. Restrict access to such information to authorized personnel only.
References
👉 You might also like:
Detailed Application and Database Error - Vulnerability
Detailed Application Error - Vulnerability
Old/Backup Resource Found - Vulnerability
PHP Version Disclosure - Vulnerability
Last updated on May 13, 2024