Description

The web application uses Laravel framework. Laravel Terminal is enabled and accessible. In production environment, it leads to disclosure of sensitive information about the web application.

Remediation

Disable the Terminal or restrict access to it

References

Laravel Terminal

Related Vulnerabilities

WordPress Plugin Advanced XML Reader XML External Entity Information Disclosure (0.3.4)

webadmin.php script

Joomla! Core 3.x.x Information Disclosure (3.4.0 - 3.6.5)

WordPress 6.3.x Multiple Vulnerabilities (6.3 - 6.3.1)

Amazon S3 public bucket

Severity

High

Classification

CWE-200 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Tags

Information Disclosure Configuration