php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #27284 User Password in PHPInfo
Submitted: 2004-02-16 21:50 UTC Modified: 2004-02-17 02:37 UTC
From: adam at comsmart dot org Assigned:
Status: Not a bug Package: PHP options/info functions
PHP Version: Irrelevant OS: Linux
Private report: No CVE-ID: None
 [2004-02-16 21:50 UTC] adam at comsmart dot org
Description:
------------
When you call the phpinfo function, it posts your password on the resulting page. Therefore, you can not include a call to phpinfo on any public page, because people could get into your system. I think that the default call to phpinfo should not output the username/password of the owner of the file.


Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2004-02-17 02:37 UTC] helly@php.net
Thank you for taking the time to write to us, but this is not
a bug. Please double-check the documentation available at
http://www.php.net/manual/ and the instructions on how to report
a bug at http://bugs.php.net/how-to-report.php

I assume you mean environment information which you can skip in the output (RTFM). Otherwise the function is never meant to be shown to every user.
 
PHP Copyright © 2001-2020 The PHP Group
All rights reserved.
Last updated: Mon Aug 10 19:01:25 2020 UTC