Description
This server is configured to display PHP error messages. One or more fully qualified path names were found on this page. From this information an attacker may learn the file system structure of the web server, which can be used to conduct further attacks.
Remediation
Prevent this information from being displayed to the user. This can be done in PHP's php.ini file or in Apache's httpd.conf file:
php.ini:
display_errors = 'off'
apache2.conf:
php_flag display_errors off
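To confirm the setting took effect, a response body can be checked for PHP's default error layout carrying an absolute path. The following is an added example, not part of the original advisory; the function name and the sample responses are constructed for illustration.

```python
import re

# PHP's default error layout, with or without html_errors markup:
#   <b>Warning</b>:  message in <b>/path/file.php</b> on line <b>12</b>
#   Warning: message in C:\path\file.php on line 12
PHP_ERROR = re.compile(
    r"(?:<b>)?(?P<level>Fatal error|Parse error|Warning|Notice|Deprecated)(?:</b>)?"
    r":\s+(?P<message>.*?)\s+in\s+(?:<b>)?"
    r"(?P<path>(?:/|[A-Za-z]:\\)[^<>\r\n]*?)(?:</b>)?"
    r"\s+on line\s+(?:<b>)?(?P<line>\d+)"
)


def find_path_disclosures(body):
    """Return one finding per PHP error message that exposes an absolute path."""
    return [
        {"level": m["level"], "path": m["path"], "line": int(m["line"])}
        for m in PHP_ERROR.finditer(body)
    ]


# Constructed sample responses (not captured from a real server).
LEAKY_HTML = (
    "<html><body><br />\n"
    "<b>Warning</b>:  include(settings.php): failed to open stream: "
    "No such file or directory in <b>/var/www/html/index.php</b> on line <b>12</b><br />\n"
    "</body></html>"
)
LEAKY_TEXT = "Notice: Undefined index: id in C:\\inetpub\\wwwroot\\shop\\item.php on line 7"
# Ordinary prose that happens to start with an error keyword must not match.
CLEAN_HTML = "<html><body><p>Notice: the office is closed in August.</p></body></html>"

if __name__ == "__main__":
    for name, body in [("html", LEAKY_HTML), ("text", LEAKY_TEXT), ("clean", CLEAN_HTML)]:
        findings = find_path_disclosures(body)
        print(name, "LEAK" if findings else "ok", findings)
```

Run against responses from your own pages after changing the configuration; an empty result for requests that previously triggered errors indicates the messages are no longer sent to the client.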
Related Vulnerabilities
WordPress Plugin Gravity Forms Information Disclosure (2.4.8)
Drupal Core 8.8.x Information Disclosure (8.8.0 - 8.8.9)
[Possible] Internal Path Disclosure (Windows)
WordPress Plugin Simply Static Arbitrary File Download (1.6.2)
TYPO3 Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2010-3664)