phpinfo Exposure
A phpinfo file was identified.
- php
- phpinfo
- exposure
A phpinfo file is a commonly deployed PHP script that calls phpinfo() to display information about the PHP interpreter. It reveals what version of PHP runs on the server, the environment variables, cookies, and what modules are loaded.
Impact
Attackers can use phpinfo to glean information on the server configuration and operating system and figure out what software is running. For example, knowing what version of PHP is running, what the webserver is, what modules are installed, and the associated environment variables can give attackers an idea of what vulnerabilities might be present.
Solution
Remove all phpinfo files or ensure they are protected by authentication.
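One way to locate the files to remove, as an added example that is not part of the original page: a sweep of a document root for PHP files that call phpinfo(). The function name, the extension list and the sample files are assumptions constructed for illustration, and comment stripping is heuristic (string literals are not parsed).

```python
import os
import re
import tempfile

# Heuristic match for a call to phpinfo(); skips my_phpinfo(), $phpinfo(), ->phpinfo().
PHPINFO_CALL = re.compile(r"(?<![\w$>:])phpinfo\s*\(", re.IGNORECASE)
# PHP comments: /* ... */, // ... and # ... (assumption: no comment markers inside strings).
COMMENTS = re.compile(r"/\*.*?\*/|(?://|#)[^\n]*", re.DOTALL)
PHP_EXTENSIONS = (".php", ".phtml", ".php5", ".php7", ".inc")  # assumed handler mapping


def find_phpinfo_files(webroot):
    """Return sorted relative paths of PHP files under webroot that call phpinfo()."""
    hits = []
    for dirpath, _dirs, files in os.walk(webroot):
        for name in files:
            if not name.lower().endswith(PHP_EXTENSIONS):
                continue
            path = os.path.join(dirpath, name)
            try:
                with open(path, encoding="utf-8", errors="replace") as fh:
                    source = fh.read()
            except OSError:
                continue  # unreadable file: skip rather than abort the sweep
            if PHPINFO_CALL.search(COMMENTS.sub("", source)):
                hits.append(os.path.relpath(path, webroot))
    return sorted(hits)


def demo():
    """Run the sweep over a constructed document root (sample files, not real data)."""
    with tempfile.TemporaryDirectory() as root:
        samples = {
            "info.php": "<?php phpinfo(); ?>",
            "admin/test.PHP": "<?php\nPhpInfo(INFO_ALL);\n",
            "index.php": "<?php // phpinfo();\necho 'hello';\n",
            "lib/util.php": "<?php function my_phpinfo() { return 1; }\n",
            "notes.txt": "phpinfo() was removed on purpose",
        }
        for rel, body in samples.items():
            full = os.path.join(root, rel)
            os.makedirs(os.path.dirname(full), exist_ok=True)
            with open(full, "w", encoding="utf-8") as fh:
                fh.write(body)
        return find_phpinfo_files(root)


if __name__ == "__main__":
    print("\n".join(demo()))
```

Each reported path is a candidate for removal or for placement behind authentication; review hits before deleting, since a match only shows that the file calls phpinfo().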