Description

One or more phpinfo() pages were found. The phpinfo() function exposes a large amount of information about the PHP configuration and that of its environment. This includes information about PHP compilation options and extensions, the PHP version, server information, OS version information, paths, master and local values of configuration options, HTTP headers, and the PHP License.

Remediation

Remove either the call to the phpinfo() function from the file(s), or the file(s) itself.

References

PHP phpinfo

Related Vulnerabilities

VMware Horizon Log4Shell RCE

WordPress Plugin Advanced Contact form 7 DB Information Disclosure (1.1.0)

WordPress Plugin Timetable and Event Schedule by MotoPress Information Disclosure (2.3.19)

WordPress Plugin U Extended Comment 'fileurl' Parameter Arbitrary File Download (1.0.1)

WordPress Plugin Advanced Contact form 7 DB Information Disclosure (1.1.0)

Severity

Medium

Classification

CWE-200 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Information Disclosure Test Files