Description

This server is configured to display PHP error messages. One or more fully qualified path names were found on this page. From this information the attacker may learn the file system structure from the web server. This information can be used to conduct further attacks.

Remediation

Prevent this information from being displayed to the user. This can be done in PHP's php.ini file or in Apache's httpd.conf file:
php.ini:

display_errors = 'off'
apache2.conf:
php_flag  display_errors  off

References

Full Path Disclosure

Related Vulnerabilities

SharePoint user enumeration

WordPress Plugin Correos Woocommerce Arbitrary File Download (1.3.0.0)

WordPress Plugin Timetable and Event Schedule by MotoPress Information Disclosure (2.3.19)

WordPress Plugin MiwoFTP-File & Folder Manager Arbitrary File Disclosure (1.0.4)

WordPress Plugin TRADIES Information Disclosure (2.2.6)

Severity

Low

Classification

CWE-200 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Information Disclosure