Description

The configuration directive enable_dl instructs PHP whether or not to enable dynamic loading of PHP modules with dl(). If you enable dynamic module loading, it's possible to bypass the safe_mode restrictions. Dynamic loading is enabled by default.

Remediation

You can disable enable_dl from php.ini

php.ini
enable_dl = off

References

PHP enable_dl Is Enabled | Invicti

Related Vulnerabilities

Invalid SSL Certificate

Apache ZooKeeper Unauthorized Access Vulnerability

Yii2 weak secret key

Symfony web debug toolbar

TLS/SSL certificate key size too small

Severity

Medium

Classification

CWE-470 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Configuration