|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #68726 Full Path Disclosure Vulnerability
Submitted: 2015-01-02 13:14 UTC Modified: 2015-01-02 14:05 UTC
From: muratyilmazlar1 at gmail dot com Assigned:
Status: Not a bug Package: *Configuration Issues
PHP Version: Irrelevant OS: Windows, Linux
Private report: No CVE-ID: None
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If this is not your bug, you can add a comment by following this link.
If this is your bug, but you forgot your password, you can retrieve your password here.
Bug Type:
From: muratyilmazlar1 at gmail dot com
New email:
PHP Version: OS:


 [2015-01-02 13:14 UTC] muratyilmazlar1 at gmail dot com
Although in itself does not lead to a real risk of attack,
it allows you to go back to the internal structure of a server via a website
and then to have more information to be used in case of pentesting,
putting at risk not only the safety of the site but around the server that supplies.

Test script:
Here is the official website: version: 2.8.12 version:  2.7.7   

Expected result:
You can reach full path of website and server.

Actual result:
It could help hackers to hack site and sniffing.


add-patch-disc (last revision 2015-01-02 13:15 UTC by muratyilmazlar1 at gmail dot com)

Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2015-01-02 14:05 UTC]
-Status: Open +Status: Not a bug -Package: MySQL related +Package: *Configuration Issues
 [2015-01-02 14:05 UTC]
Thank you for taking the time to write to us, but this is not
a bug. Please double-check the documentation available at and the instructions on how to report
a bug at

This is a configuration issue. You need to turn off the `display_errors` option.
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Thu Jun 20 20:01:30 2024 UTC