Vulnerabilities/

phpinfo() Found

Severity:
Medium

Description

The phpinfo() method in PHP reveals extensive details about the PHP environment, including configuration settings, server information, and installed extensions. While useful for debugging and configuration purposes, exposing this information in a production environment poses a security risk. Attackers can leverage the disclosed information to identify vulnerabilities and tailor their attacks accordingly.

Recommendation

Avoid exposing sensitive information by removing the phpinfo() page or eliminating the phpinfo() function calls from production code. Restrict access to such information to authorized personnel only.

References

Related Issues

Tags:
Information Disclosure
PHP
Anything's wrong? Let us know Last updated on May 13, 2024

This issue is available in SmartScanner Professional

See Pricing