
Symfony Profiler open

Description

The Symfony Profiler is a development tool that provides detailed debugging information about application requests, including configuration details, database queries, routing information, and environment variables. When left enabled in production environments or accessible without authentication, it exposes sensitive technical details about the application's internal architecture and data flow.

Remediation

Disable the Symfony Profiler in production environments by setting the profiler configuration to false. In your config/packages/prod/web_profiler.yaml file, ensure the profiler is disabled:

framework:
    profiler: false

Alternatively, verify that the profiler is only enabled in development mode by checking config/packages/dev/web_profiler.yaml and ensuring production environments use the prod configuration. If the profiler must remain accessible for debugging purposes, restrict access using IP whitelisting or firewall rules to allow only trusted internal networks, and implement strong authentication mechanisms.
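The following is an added example, not part of the original advisory or of Symfony itself: a small audit for a deployed project that checks which environments register WebProfilerBundle and whether the host runs with the prod configuration. It assumes the standard Symfony Flex layout, where bundles are registered per environment in config/bundles.php and APP_ENV is set in a .env file; the function names and sample file contents are constructed for illustration.

```python
import re

# Constructed sample files for illustration; not taken from a real project.
GOOD_BUNDLES = r"""<?php
return [
    Symfony\Bundle\FrameworkBundle\FrameworkBundle::class => ['all' => true],
    Symfony\Bundle\WebProfilerBundle\WebProfilerBundle::class => ['dev' => true, 'test' => true],
];
"""
BAD_BUNDLES = GOOD_BUNDLES.replace("['dev' => true, 'test' => true]", "['all' => true]")
GOOD_ENV = "# deployed settings\nAPP_ENV=prod\nAPP_DEBUG=0\n"
BAD_ENV = "APP_ENV=dev\n"


def profiler_bundle_envs(bundles_php: str) -> set:
    """Environments in which config/bundles.php registers WebProfilerBundle."""
    entry = re.search(r"WebProfilerBundle::class\s*=>\s*\[(.*?)\]", bundles_php, re.S)
    if not entry:
        return set()  # bundle not registered at all
    pairs = re.findall(r"['\"](\w+)['\"]\s*=>\s*(true|false)", entry.group(1), re.I)
    return {env for env, flag in pairs if flag.lower() == "true"}


def app_env(dotenv: str):
    """Last APP_ENV assignment in a .env file (comment lines are skipped)."""
    value = None
    for line in dotenv.splitlines():
        m = re.match(r"\s*(?:export\s+)?APP_ENV\s*=\s*['\"]?([\w.-]+)", line)
        if m:
            value = m.group(1)
    return value


def audit(bundles_php: str, dotenv: str) -> list:
    """Return findings that would leave the profiler reachable in production."""
    findings = []
    exposed = profiler_bundle_envs(bundles_php) & {"all", "prod"}
    if exposed:
        findings.append("WebProfilerBundle registered for: " + ", ".join(sorted(exposed)))
    env = app_env(dotenv)
    if env != "prod":
        findings.append(f"APP_ENV is {env!r}, expected 'prod' on production hosts")
    return findings


if __name__ == "__main__":
    for name, b, e in [("good", GOOD_BUNDLES, GOOD_ENV), ("bad", BAD_BUNDLES, BAD_ENV)]:
        print(name, audit(b, e) or "no findings")
```

APP_ENV can also be supplied by real environment variables or overridden in .env.local, so treat a clean result from the .env file alone as one input to the check, not proof.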
