While analyzing an HTTP response, Invicti identified a stack trace that was exposed by the Laravel framework due to a misconfiguration.
An attacker can obtain information such as:
- Function names
- Physical file paths of relevant files.
- Function parameters
This information might help an attacker gain more information and potentially focus on the development of further attacks against the target system.
config/app.phpfile to disable debug mode, which is responsible for the visible stack traces:
'debug' => (bool) env('APP_DEBUG', false)