Description

The Yii2 debug toolkit was found in the web application. Usage of the debug toolkit should be avoided in production and strictly configured in a development environment, as the toolkit discloses sensitive information about the web application (e.g. database structure, configuration values)

Remediation

Disable the debug toolkit or restrict access to proper IP addresses only

References

Yii2 Framework: Debug toolbar and debugger

Yii2 Framework: Security best practices

Related Vulnerabilities

WordPress Plugin JM Twitter Cards Information Disclosure (6.1)

WordPress 5.4.x Multiple Vulnerabilities (5.4 - 5.4.13)

Serendipity Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2011-3800)

Insecure Protocol Detected in Content Security Policy (CSP)

WordPress 6.1.x Multiple Vulnerabilities (6.1 - 6.1.3)

Severity

Medium

Classification

CWE-200 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N

Tags

Configuration Information Disclosure