Description

The web application uses Laravel framework. Laravel Terminal is enabled and accessible. In production environment, it leads to disclosure of sensitive information about the web application.

Remediation

Disable the Terminal or restrict access to it

References

Laravel Terminal

Related Vulnerabilities

SAP NetWeaver server info information disclosure

WordPress Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2011-3128)

Microsoft Access Database File Detected

WordPress 4.4.x Multiple Vulnerabilities (4.4 - 4.4.16)

WordPress Plugin Popup Maker-Popup for opt-ins, lead gen, & more Information Disclosure (1.8.11)

Severity

High

Classification

CWE-200 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Tags

Information Disclosure Configuration