PHP Console addon enabled
Description
The PHP Console server library has been detected in the web application. PHP Console is a debugging tool that provides remote access to PHP errors, exceptions, and variables through browser developer tools. When enabled in production environments or improperly configured in development, it can expose sensitive application internals, configuration details, database queries, and system information to unauthorized parties.
Remediation
Remove or disable PHP Console in production environments immediately. If PHP Console is required for development purposes, implement the following safeguards:
1. Restrict access using IP address whitelisting to only allow trusted developer machines
2. Enable password protection for the console interface
3. Configure the allowed IP addresses in your PHP Console initialization:
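$handler = PhpConsole\Handler::getInstance();
// Require a password; the second argument (true) ties the auth token to the client IP
$handler->getConnector()->setPassword('strong-password-here', true);
// Only clients whose address matches one of these masks may connect
$handler->getConnector()->setAllowedIpMasks(array('192.168.1.*'));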
4. Ensure PHP Console is never deployed to production by excluding it from production dependencies in composer.json (move to require-dev section)
5. Implement environment-based configuration to automatically disable debugging tools in production environments
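Steps 3 to 5 combined into one fail-closed bootstrap, as an added example that is not code from the original page or from the PHP Console project. The environment variable names `APP_ENV`, `PHP_CONSOLE_PASSWORD` and `PHP_CONSOLE_IP_MASKS`, the helper `phpConsoleSettings()` and the autoloader path are assumptions made for illustration.

```php
<?php
// Added example: environment gate for PHP Console (not the project's own code).
// Assumed names: APP_ENV, PHP_CONSOLE_PASSWORD, PHP_CONSOLE_IP_MASKS.
require __DIR__ . '/vendor/autoload.php'; // assumed Composer layout

/**
 * Return the connector settings, or null when PHP Console must stay off.
 * Fails closed: a missing or unknown APP_ENV is treated as production.
 */
function phpConsoleSettings(array $env): ?array
{
    if (($env['APP_ENV'] ?? 'production') !== 'development') {
        return null;
    }

    $password = $env['PHP_CONSOLE_PASSWORD'] ?? '';
    $masks = array_values(array_filter(
        array_map('trim', explode(',', $env['PHP_CONSOLE_IP_MASKS'] ?? ''))
    ));

    // No password or no IP restriction means no console.
    if (strlen($password) < 12 || $masks === []) {
        return null;
    }
    // A mask that starts with a wildcard would admit any network.
    foreach ($masks as $mask) {
        if ($mask[0] === '*') {
            return null;
        }
    }
    return ['password' => $password, 'masks' => $masks];
}

$settings = phpConsoleSettings(getenv());

// class_exists() is false when the package is listed under require-dev and
// production was installed with "composer install --no-dev" (step 4).
if ($settings !== null && class_exists('PhpConsole\Handler')) {
    $handler = PhpConsole\Handler::getInstance();
    $connector = $handler->getConnector();
    $connector->setPassword($settings['password'], true);
    $connector->setAllowedIpMasks($settings['masks']);
    $handler->start();
}
```

With this gate, a production host that lacks the three variables never starts the handler even if the library was deployed by mistake.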