Vulnerability Database

phpinfo Exposure

phpinfo is a popular file containing information on the version of the PHP interpreter. It can be used to figure out what version of PHP runs on the server, the environment variables, cookies, and what modules are loaded.

Attackers can use phpinfo to glean information on the server configuration and operating system and figure out what software is running. For example, knowing what version of PHP is running, what the webserver is, what modules are installed, and the associated environment variables can give attackers an idea of what vulnerabilities might present.


Remove all phpinfo files or ensure they are protected by authentication.


  • Specifically designed for medium and large Enterprises
  • All Tools, Services, and Plans
  • Single Sign-On Integration, Single Tenant
  • Dedicated Support, Custom Integrations
  • Annual or Monthly, Fixed-cost Billing