Description

Craft CMS is currently running in development mode on your web application. This mode should not be used in a production environment and must be strictly configured for development purposes only. When enabled, it exposes the Yii2 debug toolkit, which can reveal sensitive information about the application, such as the database structure and configuration values.

Remediation

Disable the development mode in the production environment

References

What Dev Mode Does

Related Vulnerabilities

TYPO3 Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2011-4627)

PHP X Prober publicly accessible

Dragonfly Arbitrary File Read/Write (CVE-2021-33564)

WordPress Plugin VikBooking Hotel Booking Engine & PMS Multiple Vulnerabilities (1.5.3)

WordPress Plugin WordPress Mobile Pack Information Disclosure (2.1.2)

Severity

Medium

Classification

CWE-200 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N

Tags

Information Disclosure Configuration