CWE-16
OWASP 2013-A5
OWASP 2017-A6
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

PHP enable_dl Is Enabled

Severity:
Medium
Summary

Invicti detected that the enable_dl directive is enabled.

Impact

When the enable_dl directive is enabled, PHP will ignore all open_basedir restrictions and dynamic load PHP modules using dl(). These could potentially allow an attacker to circumvent restrictions and potentially allow access to any file on the system.

In general, this configuration setting has the potential to lead to critical issues. While it is helpful for an attacker to view the actual application code, in many cases, it is not required for successful exploitation. It is, therefore, strongly advised to disable this configuration option.

Remediation
Required Skills for Successful Exploitation
Actions To Take

To disable enable_dl, you can set it to 'off' in the php.ini configuration file

  • php.ini:enable_dl = ‘off’
Classifications
CWE-16
OWASP 2013-A5
OWASP 2017-A6
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Vulnerability Index

You can search and find all vulnerabilities

Select Category
Critical
High
Medium
Low
Best Practice
Information
Select Vulnerability
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Related Vulnerabilities

Featured resources

No items found.
No items found.
View all resources

Build your resistance to threats. And save hundreds of hours each month.

Get a Demo