Phpinfo() Output Accessible Network Vulnerability

Summary

Many PHP installation tutorials instruct the user to create a file called phpinfo.php. This file is often times left in the root directory after completion. Some of the information that can be garnered from this file includes: The username of the user who installed php, if they are a SUDO user, the IP address of the host, the web server version, The system version(unix / linux), and the root directory of the web server.

Solution

remove it

Severity

Classification

CVSS	Base Score: 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Adobe ColdFusion Multiple Vulnerabilities-02 May-2014
appRain CMF SQL Injection And Cross Site Scripting Vulnerabilities
Avenger's News System Command Execution
Awstats Configuration File Remote Arbitrary Command Execution Vulnerability
Admin Bot 'news.php' SQL Injection Vulnerability

phpinfo() output accessible

Take action and discover your vulnerabilities