DerScanner
Home / Vulnerability Database / Config files : Excessive permissions
Config files

Config files : Excessive permissions

Classification

OWASP Top 10 2017
A6-Security Misconfiguration
OWASP Top 10 2021
A5-Security Misconfiguration
OWASP ASVS
Malicious CodeAccess ControlAccess ControlAccess ControlAccess Control
CWE
CWE-434
CWE/SANS Top 25 2011
CWE-434
CWE/SANS Top 25 2021
CWE-434

Overview

Possibly some permissions requested by the application might be unnecessary for its functionality.

In accordance with the Principle of least privilege, it is recommended to have only necessary permissions.

References

  1. Description of core php.ini directives
  2. PHP Misconfiguration: file_uploads Enabled
  3. OWASP Top 10 2021-A5-Security Misconfiguration
  4. OWASP Top 10 2017-A6-Security Misconfiguration
  5. CWE-434: Unrestricted Upload of File with Dangerous Type
LOW

DerScanner Severity Score

Do you want to fix Config files : Excessive permissions in your application?

See also

Config files

Config files : Text4Shell Vulnerability

Config files

Config files : Incorrect directory deletion

Config files

Config files : Code injection