By kannthu
The "PHP-FPM Config file disclosure" module detects a misconfiguration in PHP-FPM: exposure of the PHP-FPM configuration file over HTTP. PHP-FPM is a FastCGI Process Manager for PHP that is commonly used to improve the performance and scalability of PHP-based websites.
The severity of this vulnerability is classified as low, indicating that it may not pose a significant threat but should still be addressed to ensure the security of the PHP-FPM installation.
This module was authored by sheikhrishad.
If the PHP-FPM configuration file is exposed, it can potentially reveal sensitive information about the server setup, including pool definitions and other FPM configuration details. This information can be leveraged by attackers to gain insights into the server's architecture and potentially exploit any weaknesses or misconfigurations.
The "PHP-FPM Config file disclosure" module operates by sending an HTTP GET request to the "/php-fpm.conf" path. It then applies two matching conditions to determine if the vulnerability is present:
If both conditions are met, the module reports the vulnerability, highlighting the potential exposure of the PHP-FPM configuration file.
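For defenders, the same request path can be checked from the server side. The following is an added example, not the module's own code: it triages web access logs for requests to "/php-fpm.conf" and separates those where content was actually served from plain probes. It assumes logs in Combined Log Format; the function name `triage` and the sample log lines are constructed for illustration.

```python
import re

# Combined Log Format: ip - user [time] "METHOD path PROTO" status bytes ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\d+|-)'
)
TARGET = "/php-fpm.conf"  # path the module requests, per the description above

# Constructed sample lines (documentation IP ranges), not real traffic
SAMPLE = [
    '203.0.113.7 - - [12/Mar/2024:10:01:02 +0000] "GET /php-fpm.conf HTTP/1.1" 200 4521 "-" "scanner"',
    '198.51.100.9 - - [12/Mar/2024:10:05:40 +0000] "GET /php-fpm.conf HTTP/1.1" 404 153 "-" "curl/8.0"',
    '192.0.2.44 - - [12/Mar/2024:10:06:00 +0000] "GET /index.php HTTP/1.1" 200 812 "-" "Mozilla/5.0"',
    '198.51.100.9 - - [12/Mar/2024:10:07:11 +0000] "GET /PHP-FPM.conf?x=1 HTTP/1.1" 403 - "-" "curl/8.0"',
]


def triage(lines):
    """Split requests for TARGET into 'served' (200 with a body) and 'probed'."""
    result = {"served": [], "probed": []}
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not parsable access-log entries
        # Compare the path without its query string, case-insensitively
        path = m["path"].split("?", 1)[0].lower()
        if not path.endswith(TARGET):
            continue
        size = 0 if m["size"] == "-" else int(m["size"])
        # A 200 with a non-empty body means file content left the server
        bucket = "served" if m["status"] == "200" and size > 0 else "probed"
        result[bucket].append((m["ip"], m["ts"], m["status"], size))
    return result


if __name__ == "__main__":
    report = triage(SAMPLE)
    for ip, ts, status, size in report["served"]:
        print(f"EXPOSED: {TARGET} served to {ip} at {ts} ({size} bytes)")
    for ip, ts, status, size in report["probed"]:
        print(f"probe:   {ip} at {ts} -> HTTP {status}")
```

Any "served" entry means the file should be moved out of the web root or denied at the web server, and its contents treated as known to the requester.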