Description
OPcache improves PHP performance by storing precompiled script bytecode in shared memory, thereby removing the need for PHP to load and parse scripts on each request.
The OPcache Status (opcache-status) package provides an one-page status page for PHP OPcode caching. This page outputs a large amount of information about the current state of PHP OPcache that could help an attacker to prepare more advanced attacks. It's recommended to restrict access to this page.
Remediation
Remove the opcache-status page from production systems or restrict access to this page.
References
Related Vulnerabilities
WordPress Plugin Candidate Application Form Arbitrary File Download (1.0)
WordPress W3 Total Cache plugin predictable cache filenames
WordPress Plugin Google Doc Embedder Arbitrary File Disclosure (2.4.6)
PrestaShop Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2022-46158)