H3-2022-0037
Laravel Debug Mode Enabled
| Category | SECURITY_MISCONFIGURATION |
| Base Score | 4.5 |
Description
Laravel is a popular PHP framework used for developing web applications. When Laravel's debug mode is enabled in a production environment, it displays detailed error messages and stack traces whenever an error occurs. An attacker could exploit this misconfiguration by deliberately causing errors in the application to gain access to these detailed error messages, which could contain sensitive information such as server configuration, database credentials, and other environment variables.
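A pre-deployment check for this misconfiguration, as an added example that is not part of the original advisory or of Laravel itself. It assumes debug mode is controlled by the `APP_DEBUG` key in the application's `.env` file and that `config/app.php` keeps the stock `(bool) env('APP_DEBUG', false)`; the function names and the sample file are constructed for illustration.

```python
import re

# Assumptions: values follow Laravel's env() helper, and config/app.php uses
# the stock `(bool) env('APP_DEBUG', false)`. Parsing is a simplified .env reader.
_ASSIGN = re.compile(r"^\s*(?:export\s+)?([A-Za-z_][A-Za-z0-9_]*)\s*=\s*(.*)$")

# Constructed sample of a production .env file.
SAMPLE_ENV = """\
APP_NAME=Shop
APP_ENV=production
# APP_DEBUG=true
APP_DEBUG="off"   # looks disabled, but PHP casts "off" to true
DB_PASSWORD=placeholder
"""


def parse_dotenv(text):
    """Yield (line_number, name, value) for each assignment in .env text."""
    for number, raw in enumerate(text.splitlines(), start=1):
        match = _ASSIGN.match(raw)
        if raw.lstrip().startswith("#") or not match:
            continue
        name, value = match.group(1), match.group(2).strip()
        if value[:1] in ("'", '"'):
            # Quoted value: keep the text between the matching quotes.
            end = value.find(value[0], 1)
            value = value[1:end] if end != -1 else value[1:]
        else:
            # Unquoted value: an inline comment starts at whitespace + "#".
            value = re.split(r"\s+#", value, maxsplit=1)[0].strip()
        yield number, name, value


def laravel_bool(value):
    """Mimic env() keyword handling followed by PHP's (bool) cast."""
    lowered = value.lower()
    if lowered in ("true", "(true)"):
        return True
    if lowered in ("false", "(false)", "empty", "(empty)", "null", "(null)"):
        return False
    # PHP casts every remaining string to true except "" and "0".
    return value not in ("", "0")


def debug_findings(text):
    """Return (line_number, value) for every APP_DEBUG that enables debug."""
    return [(number, value) for number, name, value in parse_dotenv(text)
            if name == "APP_DEBUG" and laravel_bool(value)]


if __name__ == "__main__":
    for number, value in debug_findings(SAMPLE_ENV):
        print(f"line {number}: APP_DEBUG={value!r} enables debug mode")
```

Every assignment is checked rather than only the last one, so a duplicate `APP_DEBUG` line cannot hide an enabling value; a real environment variable set outside the file is not covered by this check.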
Impact
If an attacker successfully exploits this misconfiguration, they could gain insights into the application's internal workings and obtain sensitive information, potentially leading to further attacks on the application or its associated systems.