Stack Trace Disclosure (PHP)
Summary#
Invicti identified a stack trace disclosure (PHP) in the target web server's HTTP response.
Impact#
An attacker can obtain information such as:
- PHP version.
- Physical file path of PHP files.
- Information about the generated exception and possibly source code, SQL queries, etc.
Remediation#
Apply following changes on your
php.ini
file to prevent information leakage by applying custom error pages. display_errors = OffIf you want to set it within PHP code, you can use the following code:
ini_set('display_errors', 'Off');
Classifications#