Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium
Yii2 debug toolkit - Vulnerability Database

Yii2 debug toolkit

Description

The Yii2 debug toolkit was found in the web application. Usage of the debug toolkit should be avoided in production and strictly configured in a development environment, as the toolkit discloses sensitive information about the web application (e.g. database structure, configuration values)

Remediation

Disable the debug toolkit or restrict access to proper IP addresses only

References

Yii2 Framework: Debug toolbar and debugger
Yii2 Framework: Security best practices

Related Vulnerabilities

Trace.axd Detected High
Common tags: Configuration Information Disclosure
Apache stronghold-status enabled Low
Common tags: Configuration Information Disclosure
JBoss Server MBean High
Common tags: Configuration Information Disclosure
JBoss JMX Console Unrestricted Access High
Common tags: Configuration Information Disclosure
JBoss Web Console JMX Invoker High
Common tags: Configuration Information Disclosure

Severity

Medium

Classification

CWE-200
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N

Tags

Configuration
Information Disclosure