Laravel debug mode enabled

Description

The Laravel framework is running with debug mode enabled in a production environment. When enabled, Laravel's debug mode exposes detailed error messages, stack traces, environment variables, and application configuration details to end users. This feature is intended solely for development environments and should always be disabled in production to prevent information disclosure.

Remediation

Disable Laravel debug mode immediately by setting the APP_DEBUG environment variable to false. This can be accomplished through the following steps:

1. Open the .env file in your Laravel application root directory
2. Locate the APP_DEBUG configuration variable
3. Set it to false:

APP_DEBUG=false

4. Clear the application cache to ensure the change takes effect:

php artisan config:cache

5. Verify the change by triggering an error and confirming that detailed debug information is no longer displayed

For production deployments, ensure your deployment process automatically sets APP_DEBUG=false and that this setting is enforced through environment-specific configuration management.
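
One way to enforce this in a deployment pipeline, as an added example that is not Invicti's or Laravel's own code: a POSIX shell function that fails unless every uncommented APP_DEBUG line in the given .env file is explicitly false. The function name check_app_debug and its exit codes are assumptions made for this example, and rejecting an empty or missing value is a policy choice of the example, not Laravel behaviour.

```shell
#!/bin/sh
# Added example: deployment gate for the APP_DEBUG setting described above.
# Exit status (chosen for this example):
#   0 = every APP_DEBUG assignment is explicitly false
#   1 = at least one assignment is true, empty, or anything other than false
#   2 = the file is unreadable or contains no APP_DEBUG assignment
check_app_debug() {
    env_file=$1
    if [ ! -r "$env_file" ]; then
        echo "check_app_debug: cannot read $env_file" >&2
        return 2
    fi
    # Every assignment is checked, so the verdict does not depend on which
    # duplicate line the framework would end up using.
    awk -v q="'" '
        /^[ \t]*#/ { next }                          # whole-line comment
        /^[ \t]*(export[ \t]+)?APP_DEBUG[ \t]*=/ {
            seen = 1
            v = $0
            sub(/^[^=]*=[ \t]*/, "", v)              # drop key and "="
            sub(/[ \t]+#.*$/, "", v)                 # drop inline comment
            sub(/[ \t\r]+$/, "", v)                  # drop trailing space / CR
            first = substr(v, 1, 1); last = substr(v, length(v), 1)
            if (length(v) >= 2 && first == last && (first == "\"" || first == q))
                v = substr(v, 2, length(v) - 2)      # drop one layer of quotes
            v = tolower(v)
            if (v != "false" && v != "(false)") {
                printf "line %d: APP_DEBUG=%s is not false\n", NR, v > "/dev/stderr"
                bad = 1
            }
        }
        END { if (bad) exit 1; if (!seen) exit 2; exit 0 }
    ' "$env_file"
}
# Usage in a deploy script (the path is a placeholder):
#   check_app_debug /path/to/app/.env || exit 1
```

This only inspects the .env file; step 5 above (triggering an error and checking the response) is still needed to confirm what the running application actually serves.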
