Description

Craft CMS is currently running in development mode on your web application. This mode should not be used in a production environment and must be strictly configured for development purposes only. When enabled, it exposes the Yii2 debug toolkit, which can reveal sensitive information about the application, such as the database structure and configuration values.

Remediation

Disable the development mode in the production environment

References

What Dev Mode Does

Related Vulnerabilities

MediaWiki multiple remote vulnerabilities

WordPress Plugin Aspose PDF Exporter Arbitrary File Download (1.0)

PHP-CS-Fixer cache file publicly accessible (.php_cs.cache)

WordPress Plugin Gravity Forms Information Disclosure (2.4.8)

WordPress Plugin Advanced Woo Search Information Disclosure (1.99)

Severity

Medium

Classification

CWE-200 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N

Tags

Information Disclosure Configuration