Security Test: Exposed settings.php
Description
Default Severity:
Developers often leave backup copies of settings files behind, which is risky because these files usually contain sensitive data like database credentials and secret keys. If an attacker gets hold of one of these backups, they can use that information to break into your systems, steal data, or cause other harm. The vulnerability comes from storing these backups in accessible locations and not cleaning them up during deployment. It's important to be mindful of what files are publicly available and to double-check that no leftover sensitive backups are sitting around.
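A pre-deployment check for the leftover backups described above, as an added example (not part of the original page or the scanner's own code): it walks a local web root and reports backup copies of settings.php, marking those whose content looks like it holds credentials. The suffix list, the secret-hint keywords and the sample tree are assumptions constructed for illustration.

```python
import os
import re

# Assumption: leftovers keep "settings" in the name and gain an editor or
# manual-backup suffix. Extend the list to match your team's habits.
BACKUP_NAME = re.compile(
    r"""^(?:
        \.settings\.php\.sw[a-p]       # vim swap file
      | \#settings\.php\#              # emacs autosave
      | settings\.php(?:~|\.(?:bak|old|orig|save|backup|copy|txt|tmp|\d+))
      | settings\.(?:bak|old|orig|save|backup)
    )$""",
    re.VERBOSE | re.IGNORECASE,
)
# Assumption: keywords that suggest credentials or secret keys in the file.
SECRET_HINT = re.compile(rb"password|passwd|secret|hash_salt|api_key", re.IGNORECASE)

def find_settings_backups(docroot):
    """Return sorted (relative_path, looks_sensitive) for leftover settings copies."""
    findings = []
    for dirpath, _dirs, files in os.walk(docroot):
        for name in files:
            if not BACKUP_NAME.match(name):
                continue  # the live settings.php itself is not a finding
            full = os.path.join(dirpath, name)
            try:
                with open(full, "rb") as fh:
                    sensitive = bool(SECRET_HINT.search(fh.read(65536)))
            except OSError:
                sensitive = True  # unreadable here: assume the worst, review by hand
            findings.append((os.path.relpath(full, docroot), sensitive))
    return sorted(findings)

def build_demo_tree(root):
    """Write a constructed sample docroot (not from the original page)."""
    files = {
        "index.php": "<?php echo 'ok';",
        "sites/default/settings.php": "<?php $db_password = 'live';",
        "sites/default/settings.php.bak": "<?php $db_password = 'constructed';",
        "sites/default/.settings.php.swp": "b0VIM hash_salt constructed",
        "sites/default/settings.php~": "<?php // empty draft",
    }
    for rel, body in files.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write(body)
    return root
```

Run `find_settings_backups` against the build output directory as a deployment gate and fail the pipeline when the returned list is not empty.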
Configuration
Identifier:
information_disclosure/exposed_settings.php
Examples
All configuration available:
Compliance and Standards
Standard | Value |
---|---|
OWASP API Top 10 | API8:2023 |
OWASP LLM Top 10 | LLM06:2023 |
PCI DSS | 6.5.8 |
GDPR | Article-32 |
SOC2 | CC6 |
PSD2 | Article-95 |
ISO 27001 | A.12.3 |
NIST | SP800-123 |
FedRAMP | SI-2 |
CWE | 200 |
CVSS Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
CVSS Score | 3.0 |