Description

The PHP Console server library was found in the web application. Usage of the PHP Console should be avoided in production and strictly configured in a development environment, as it may disclose sensitive information about the web application

Remediation

Disable the PHP Console or restrict access to it

References

PHP Console addon

Related Vulnerabilities

WordPress Plugin Paid Memberships Pro-Restrict Member Access to Content, Courses, Communities-Free or Paid Subscriptions 'memberslist-csv.php' Information Disclosure (1.4.9)

MinIO Information Disclosure (CVE-2023-28432)

WordPress Plugin Aspose Importer & Exporter Arbitrary File Download (2.0)

WordPress 3.9.x Multiple Vulnerabilities (3.9 - 3.9.37)

API Sensitive Info(PII) accessible without authentication

Severity

Medium

Classification

CWE-200 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Information Disclosure