Description

The PHP Console server library was found in the web application. Usage of the PHP Console should be avoided in production and strictly configured in a development environment, as it may disclose sensitive information about the web application

Remediation

Disable the PHP Console or restrict access to it

References

PHP Console addon

Related Vulnerabilities

TYPO3 Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2010-5104)

Nginx memory disclosure with specially crafted HTTP backend responses

WordPress Plugin All-in-One WP Migration Information Disclosure (7.0)

WordPress Plugin Slideshow Gallery LITE Multiple Vulnerabilities (1.5.1)

WordPress debug mode

Severity

Medium

Classification

CWE-200 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Information Disclosure