Description

The PHP Coding Standards Fixer (PHP CS Fixer) is a tool designed to automatically fix PHP coding standards issues. This tool has a caching mechanism that is enabled by default. The caching mechanism creates a file named (by default) .php_cs.cache.

It was confirmed that this cache file is publicly accessible in this directory. This cache file contains potentially sensitive information and it's recommended to restrict access to this file.

Remediation

You should restrict access to the .php_cs.cache file by adjusting your web server configuration.

References

PHP-CS-Fixer

PHP Coding Standards Fixer

Related Vulnerabilities

WordPress Plugin Caldera Forms-More Than Contact Forms Information Disclosure (1.3.5.2)

Unrestricted access to a monitoring system

WordPress Plugin WP Import Export Information Disclosure (3.9.15)

WordPress 5.5.x Multiple Vulnerabilities (5.5 - 5.5.10)

Apache solr service exposed

Severity

Medium

Classification

CWE-200 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

Tags

Information Disclosure Test Files