allow_url_include Enabled

Description

This vulnerability was detected using the information from phpinfo() page.
When the “allow_url_include” option is enabled, it is possible to retrieve data from remote places such as servers for uploading files (FTP) or websites using functions like “fopen”.
If a user’s input is not being validated properly, we may be exposed to “remote file inclusion vulnerabilities”.

This may have several different consequences, depending on the included functionality, some examples are :

Injection of malicious malware.
Information exposure by granting excessive privileges or permissions to the untrusted sources or functions.
Stealing user’s saved session data (Cookies).

Recommendation

Disable “allow_url_include” from :

For php.ini : allow_url_include = ‘off’
For .htaccess : php_flag allow_url_include off.

References

https://www.php.net/manual/en/filesystem.configuration.php
https://cwe.mitre.org/data/definitions/16.html

Possible Social Security Number Disclosure

Description Cytrix has possibly detected a Social Security Number in your system. That means that...

Possible Credit Card Number Disclosure

Description Cytrix has possibly detected a Credit Card Number in your system. This exposure can...

Internal IP Disclosure

Description Cytrix has detected an internal IPv4 address in your system. Internal IP Disclosure...

External IP Disclosure

Description Cytrix has detected an external IPv4 address in your system. External IP Disclosure...