phpinfo() Found

Impact: Medium


The phpinfo() method in PHP reveals extensive details about the PHP environment, including configuration settings, server information, and installed extensions. While useful for debugging and configuration purposes, exposing this information in a production environment poses a security risk. Attackers can leverage the disclosed information to identify vulnerabilities and tailor their attacks accordingly.


Avoid exposing sensitive information by removing the phpinfo() page or eliminating the phpinfo() function calls from production code. Restrict access to such information to authorized personnel only.


Last updated on May 13, 2024

This issue is available in SmartScanner Professional

See Pricing