Description

The Yii2 debug toolkit was found in the web application. Usage of the debug toolkit should be avoided in production and strictly configured in a development environment, as the toolkit discloses sensitive information about the web application (e.g. database structure, configuration values)

Remediation

Disable the debug toolkit or restrict access to proper IP addresses only

References

Yii2 Framework: Debug toolbar and debugger

Yii2 Framework: Security best practices

Related Vulnerabilities

Zabbix Guest Access

SAP weak/predictable user credentials

phpMyAdmin Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-6612)

phpMyAdmin Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-9848)

WordPress Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2011-3128)

Severity

Medium

Classification

CWE-200 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N

Tags

Configuration Information Disclosure