Description

The web application uses Laravel framework. Laravel Terminal is enabled and accessible. In production environment, it leads to disclosure of sensitive information about the web application.

Remediation

Disable the Terminal or restrict access to it

References

Laravel Terminal

Related Vulnerabilities

WordPress Plugin WP STAGING WordPress Backup-Migration Backup Restore Information Disclosure (3.4.3)

Possible Database Name Disclosure

WordPress Plugin Fast Velocity Minify Information Disclosure (2.7.6)

WordPress Plugin WP REST API (WP API) Information Disclosure (1.2)

WordPress Plugin Easy Contact Forms Export 'file' Parameter Information Disclosure (1.1.0)

Severity

High

Classification

CWE-200 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Tags

Information Disclosure Configuration