Summary
Many PHP installation tutorials instruct the user to create a file called phpinfo.php. This file is often times left in the root directory after completion.
Some of the information that can be garnered from this file includes: The username of the user who installed php, if they are a SUDO user, the IP address of the host, the web server version, The system version(unix / linux), and the root directory of the web server.
Solution
remove it
Severity
Classification
-
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P
Related Vulnerabilities
- ActivDesk Multiple Cross Site Scripting and SQL Injection Vulnerabilities
- Adiscon LogAnalyzer Multiple SQL Injection and XSS Vulnerabilities
- Athena Web Registration remote command execution flaw
- Alcatel-Lucent OmniPCX Enterprise Remote Command Execution Vulnerability
- ASUS RT56U Router Multiple Vulnerabilities