Stack Trace Disclosure (PHP)

Severity:

Low

Summary

Invicti identified a stack trace disclosure (PHP) in the target web server's HTTP response.

Impact

An attacker can obtain information such as:

PHP version.
Physical file path of PHP files.
Information about the generated exception and possibly source code, SQL queries, etc.

This information might help an attacker gain more information and potentially focus on the development of further attacks for the target system.

Remediation

Apply following changes on your php.ini file to prevent information leakage by applying custom error pages. display_errors = Off If you want to set it within PHP code, you can use the following code: ini_set('display_errors', 'Off');

Required Skills for Successful Exploitation

Actions To Take

Classifications

PCI v3.2-6.5.5

CAPEC-214

CWE-248

HIPAA-164.306(a), 164.308(a)

Vulnerability Index

You can search and find all vulnerabilities

Select Category

Select Vulnerability

Related Vulnerabilities

Spring Boot Actuator Endpoint Detected

Liferay Portal Detected

Axway SecureTransport Server Identified

Ramda Identified

Version Disclosure (dotCMS)

Stack Trace Disclosure (PHP)

Vulnerability Index

Select Category

Select Vulnerability

Featured resources

Build your resistance to threats. And save hundreds of hours each month.