Description

One or more phpinfo() pages were found. The phpinfo() function exposes a large amount of information about the PHP configuration and that of its environment. This includes information about PHP compilation options and extensions, the PHP version, server information, OS version information, paths, master and local values of configuration options, HTTP headers, and the PHP License.

Remediation

Remove either the call to the phpinfo() function from the file(s), or the file(s) itself.

References

PHP phpinfo

Related Vulnerabilities

XML external entity injection (variant)

WordPress Plugin Unyson Information Disclosure (2.7.18)

WordPress Plugin Simple Image Manipulator Arbitrary File Download (1.0)

[Possible] Database Connection String Detected

WordPress Plugin Candidate Application Form Arbitrary File Download (1.0)

Severity

Medium

Classification

CWE-200 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Information Disclosure Test Files