Description

One or more phpinfo() pages were found. The phpinfo() function exposes a large amount of information about the PHP configuration and that of its environment. This includes information about PHP compilation options and extensions, the PHP version, server information, OS version information, paths, master and local values of configuration options, HTTP headers, and the PHP License.

Remediation

Remove either the call to the phpinfo() function from the file(s), or the file(s) itself.

References

PHP phpinfo

Related Vulnerabilities

WordPress Plugin Shopp Multiple Vulnerabilities (1.0.17)

JetBrains .idea project directory

Nginx memory disclosure with specially crafted HTTP backend responses

WordPress Plugin UserPro-Community and User Profile Multiple Vulnerabilities (5.1.1)

phpMyAdmin Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-9855)

Severity

Medium

Classification

CWE-200 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Information Disclosure Test Files