Description

One or more phpinfo() pages were found. The phpinfo() function exposes a large amount of information about the PHP configuration and that of its environment. This includes information about PHP compilation options and extensions, the PHP version, server information, OS version information, paths, master and local values of configuration options, HTTP headers, and the PHP License.

Remediation

Remove either the call to the phpinfo() function from the file(s), or the file(s) itself.

References

PHP phpinfo

Related Vulnerabilities

phpMyAdmin Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2015-8669)

WordPress 5.9.x Multiple Vulnerabilities (5.9 - 5.9.4)

InfluxDB Unauthorized Access Vulnerability

Python Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-2183)

WordPress Plugin BulletProof Security Information Disclosure (5.1)

Severity

Medium

Classification

CWE-200 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Information Disclosure Test Files