PHP : Safe mode disabled

Classification

OWASP Top 10 2013

A5-Security Misconfiguration

OWASP Top 10 2017

A6-Security Misconfiguration

OWASP Top 10 2021

A5-Security Misconfiguration

HIPAA

§164.312 (e)(2)(i)

CWE

CWE-1031

Overview

Safe mode is one of the most important PHP security settings.

Disabled safe_mode option means that PHP will work with files with the privileges of the user who is running PHP (often it is the superuser). Disabled safe_mode is not a vulnerability itself but can facilitate the implementation of other types of attacks.

If the safe_mode option is enabled, the safe_mode_exec_dir option specifies the directory, files from which can be executed.

References

CWE-553: Command Shell in Externally Accessible Directory
OWASP Top 10 2017-A6-Security Misconfiguration
CWE CATEGORY: OWASP Top Ten 2017 Category A5 - Broken Access Control

MEDIUM

PHP : Safe mode disabled

Classification

Overview

References

DerScanner Severity Score

Do you want to fix PHP : Safe mode disabled in your application?

See also

PHP : Null salt

PHP : Empty password

PHP : Empty salt