Description

The Yii2 debug toolkit was found in the web application. Usage of the debug toolkit should be avoided in production and strictly configured in a development environment, as the toolkit discloses sensitive information about the web application (e.g. database structure, configuration values)

Remediation

Disable the debug toolkit or restrict access to proper IP addresses only

References

Yii2 Framework: Debug toolbar and debugger

Yii2 Framework: Security best practices

Related Vulnerabilities

SAP NetWeaver server info information disclosure BCB

WordPress Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2008-0191)

WordPress Plugin WP Import Export Information Disclosure (3.9.15)

WordPress 3.8.x Multiple Vulnerabilities (3.8 - 3.8.27)

WordPress Plugin WP e-Commerce Shop Styling Arbitrary File Download (2.5)

Severity

Medium

Classification

CWE-200 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N

Tags

Configuration Information Disclosure