Property
Language: php
Severity: medium
CWE: CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
OWASP: A01:2021 - Broken Access Control
Confidence Level: Medium
Impact Level: Medium
Likelihood Level: Medium

Description

Using the ‘phpinfo’ function exposes detailed information about your server’s PHP configuration, environment variables, and installed modules. This can give away sensitive setup details that should not be accessible to users.

Impact

If an attacker accesses output from ‘phpinfo’, they can gather critical information like file paths, software versions, and enabled extensions. This data may help them find and exploit other vulnerabilities, increasing the risk of targeted attacks or unauthorized access.
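
One way to locate direct phpinfo() calls in a code base before deployment, shown as an added example that is not part of the original page or of this rule's own implementation. It assumes PHP 8.0 or later (for PhpToken); the helper name find_phpinfo_calls and the sample source are constructed for illustration.

```php
<?php
declare(strict_types=1);

// Added example: returns the line numbers of direct phpinfo() calls in PHP source.
// find_phpinfo_calls() is a hypothetical helper; only direct calls are matched.
function find_phpinfo_calls(string $source): array
{
    // Drop whitespace, comments and open tags so neighbours are significant tokens.
    $tokens = array_values(array_filter(
        PhpToken::tokenize($source),
        fn (PhpToken $t): bool => !$t->isIgnorable()
    ));

    $hits = [];
    $skipAfter = [T_OBJECT_OPERATOR, T_NULLSAFE_OBJECT_OPERATOR, T_DOUBLE_COLON, T_FUNCTION, T_NEW];
    foreach ($tokens as $i => $tok) {
        // Plain `phpinfo` is T_STRING; `\phpinfo` is T_NAME_FULLY_QUALIFIED.
        if (!$tok->is([T_STRING, T_NAME_FULLY_QUALIFIED])
            || strtolower(ltrim($tok->text, '\\')) !== 'phpinfo') {
            continue;
        }
        $prev = $tokens[$i - 1] ?? null;
        $next = $tokens[$i + 1] ?? null;
        // A call must be followed by an opening parenthesis.
        if ($next === null || $next->text !== '(') {
            continue;
        }
        // Ignore methods, static methods, declarations and classes named phpinfo.
        if ($prev !== null && $prev->is($skipAfter)) {
            continue;
        }
        $hits[] = $tok->line;
    }
    return $hits;
}

// Constructed sample input: two real calls, plus look-alikes that must not match.
$sample = <<<'SAMPLE'
<?php
// phpinfo(); inside a comment is ignored
echo "phpinfo()";
phpinfo();
\PHPINFO(INFO_MODULES);
$obj->phpinfo();
SAMPLE;

foreach (find_phpinfo_calls($sample) as $line) {
    echo "phpinfo() call on line {$line}\n";
}
```

Working on tokens rather than raw text keeps comments and string literals that merely mention phpinfo from producing false positives.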