phpinfo Exposure

phpinfo is a popular file containing information on the version of the PHP interpreter. It can be used to figure out what version of PHP runs on the server, the environment variables, cookies, and what modules are loaded.

Impact

Attackers can use phpinfo to glean information on the server configuration and operating system and figure out what software is running. For example, knowing what version of PHP is running, what the webserver is, what modules are installed, and the associated environment variables can give attackers an idea of what vulnerabilities might present.

Solution

Remove all phpinfo files or ensure they are protected by authentication.