Invicti detected that the
enable_dl directive is enabled.
enable_dl directive is enabled, PHP will ignore all
open_basedir restrictions and dynamic load PHP modules using
dl(). These could potentially allow an attacker to circumvent restrictions and potentially allow access to any file on the system.
In general, this configuration setting has the potential to lead to critical issues. While it is helpful for an attacker to view the actual application code, in many cases, it is not required for successful exploitation. It is, therefore, strongly advised to disable this configuration option.
enable_dl, you can set it to 'off' in the php.ini configuration file
enable_dl = ‘off’