Get a demo
AppSec with Zero Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo

PHP enable_dl Is Enabled

Severity: Medium
Summary#

Invicti detected that the enable_dl directive is enabled.

Impact#

When the enable_dl directive is enabled, PHP will ignore all open_basedir restrictions and dynamic load PHP modules using dl(). These could potentially allow an attacker to circumvent restrictions and potentially allow access to any file on the system.

In general, this configuration setting has the potential to lead to critical issues. While it is helpful for an attacker to view the actual application code, in many cases, it is not required for successful exploitation. It is, therefore, strongly advised to disable this configuration option.

Actions To Take#

To disable enable_dl, you can set it to 'off' in the php.ini configuration file

  • php.ini: 
    enable_dl = ‘off’
Classifications#
, , ,

Select Category

OR

Search Vulnerability

Related Vulnerabilities

Related Articles

Build your resistance to threats. And save hundreds of hours each month.

Get a demo See how it works