Config files : Safe mode disabled

Classification

OWASP Top 10 2013

A5-Security Misconfiguration

OWASP Top 10 2017

A6-Security Misconfiguration

OWASP Top 10 2021

A5-Security Misconfiguration

HIPAA

§164.312 (e)(2)(i)

CWE

CWE-1031

Overview

Safe mode is one of the most important security settings.

Disabled safe_mode option often means that file will be executed with the privileges of the superuser. Disabled safe_mode is not a vulnerability itself but can facilitate the implementation of other types of attacks.

If the safe_mode option is enabled, the safe_mode_exec_dir option specifies the directory, files from which can be executed.

References

CWE-553: Command Shell in Externally Accessible Directory
OWASP Top 10 2017-A6-Security Misconfiguration
CWE CATEGORY: OWASP Top Ten 2017 Category A5 - Broken Access Control

MEDIUM

Config files : Safe mode disabled

Classification

Overview

References

DerScanner Severity Score

Do you want to fix Config files : Safe mode disabled in your application?

See also

Config files : Text4Shell Vulnerability

Config files : Incorrect directory deletion

Config files : Code injection