H3-2022-0045
PHPinfo Page Exposed
Category | SECURITY_MISCONFIGURATION |
Base Score | 2.0 |
Description
The PHPinfo page outputs a large amount of information about the current state of PHP. This includes information about PHP compilation options and extensions, the PHP version, server information and environment (if compiled as a module), the PHP environment, OS version information, paths, master and local values of configuration options, HTTP headers, and the PHP License.
Impact
Attackers can enumerate the host system and the state of PHP by viewing this file.