Description

The web application uses Laravel framework. Laravel Terminal is enabled and accessible. In production environment, it leads to disclosure of sensitive information about the web application.

Remediation

Disable the Terminal or restrict access to it

References

Laravel Terminal

Related Vulnerabilities

WordPress 4.4.x Multiple Vulnerabilities (4.4 - 4.4.30)

WordPress Plugin Aspose DOC Exporter Arbitrary File Download (1.0)

WordPress 4.2.x Multiple Vulnerabilities (4.2 - 4.2.33)

WordPress Plugin Jigoshop Information Disclosure (1.17.9)

WordPress 3.9.x Multiple Vulnerabilities (3.9 - 3.9.12)

Severity

High

Classification

CWE-200 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Tags

Information Disclosure Configuration