phpinfo() Found
Impact: Medium
Description
The phpinfo()
method in the PHP programming language discloses a large amount of information about the PHP, extensions, server, and environments. Since different environments have a different setup, the phpinfo()
can help to figure out the configurations. It can also facilitate the debugging process. Using this function call in the production environment can be dangerous because the provided information is valuable for attackers to develop their attack.
Recommendation
Remove the page or remove the phpinfo()
function call.
References
👉 You might also like:
PHP Version Disclosure - Vulnerability
Werkzeug Interactive Debugging is Active - Vulnerability
Detailed Application and Database Error - Vulnerability
Detailed Application Error - Vulnerability
Last updated on February 15, 2021