Blog
Support
Contact
Login

Sensitive Information

INFO.PHP Information Disclosure Discovered

 

Description

info.php file is a PHP file on web servers that contains detailed sensitive information about the configuration of the server, PHP settings, version information of the products used in the system, user, and other system information. Due to the sensitive information contained in the file, it is a file that should not be open to the outside world. An attacker who accesses this file can use the information contained in the file against the system.

Impact:

The info.php file can allow attackers to gather detailed information about the server's configuration, including operating system details, software versions, installed modules, and other system-specific information. Disclosing system details can help identify vulnerabilities or misconfigurations.

Mitigation:

Evaluate the necessity of having an "info.php" file on the server. If it is not essential, it is recommended to remove it entirely. If it is required for administrative or debugging purposes, ensure that access to the file is restricted to authorized personnel only.

Restrict access to the file based on the principle of least privilege, allowing only necessary personnel to access it.

Severity

Medium

Tags

Configuration

Related Vulnerabilities

Start Your Free Trial Now!

The 30-day free trial of ThreatMon allows users to explore the product's security benefits. During this trial period, you can test Threat Intelligence data, detect threats to your organization and recommend security measures.

Start Free Trial