Acunetix 360 identified an information disclosure (phpinfo()).
phpinfo() is a debug functionality that prints out detailed information on both the system and the PHP configuration.
An attacker can obtain information such as:
- Exact PHP version.
- Exact OS and its version.
- Details of the PHP configuration.
- Internal IP addresses.
- Server environment variables.
- Loaded PHP extensions and their configurations.
Actions To Take
- Remove pages that call phpinfo() from the web server.