Description

Craft CMS is currently running in development mode on your web application. This mode should not be used in a production environment and must be strictly configured for development purposes only. When enabled, it exposes the Yii2 debug toolkit, which can reveal sensitive information about the application, such as the database structure and configuration values.

Remediation

Disable the development mode in the production environment

References

What Dev Mode Does

Related Vulnerabilities

WordPress Plugin Subscribe to Comments Unsubscribe Challenge Information Disclosure (2.0.2)

WordPress Plugin wp superb Slideshow Information Disclosure (2.4)

SAP NetWeaver server info information disclosure

Typo3 sensitive files

Joomla! Core 1.5.x Information Disclosure (1.5.0 - 1.5.11)

Severity

Medium

Classification

CWE-200 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N

Tags

Information Disclosure Configuration