Description

The web application uses Laravel framework. Laravel Terminal is enabled and accessible. In production environment, it leads to disclosure of sensitive information about the web application.

Remediation

Disable the Terminal or restrict access to it

References

Laravel Terminal

Related Vulnerabilities

WordPress Plugin LearnDash LMS Multiple Information Disclosure Vulnerabilities (4.10.2)

TCExam Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2011-3806)

WordPress Plugin Jetpack-WP Security, Backup, Speed, & Growth Information Disclosure (9.7.1)

Oracle E-Business Suite iStore open user registration

WordPress Plugin AlertWire Information Disclosure (1.1.1)

Severity

High

Classification

CWE-200 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Tags

Information Disclosure Configuration