CVE-2024-46547
📋 TL;DR
This vulnerability allows unauthorized users to access sensitive information through the PHP Info Page in Wampserver due to improper access control. All versions of Wampserver are affected, potentially exposing server configuration details, environment variables, and other sensitive data to attackers.
💻 Affected Systems
- Wampserver
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Attackers could obtain sensitive server configuration details, database credentials, environment variables, and other critical information that could lead to full system compromise.
Likely Case
Unauthorized users accessing PHP configuration information, potentially revealing server paths, installed modules, and other system details that could aid further attacks.
If Mitigated
With proper access controls, only authorized administrators can access PHP Info pages, preventing information disclosure.
🎯 Exploit Status
Exploitation requires simply accessing the PHP Info page URL without authentication. The GitHub gist provides technical details.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Not available
Vendor Advisory: Not available
Restart Required: No
Instructions:
No official patch available. Apply workarounds or restrict access to PHP Info pages.
🔧 Temporary Workarounds
Restrict PHP Info Page Access
allConfigure Apache to restrict access to phpinfo.php or disable the PHP Info page entirely
# In Apache configuration or .htaccess:
<Files "phpinfo.php">
Require all denied
</Files>
# Alternative: Remove or rename phpinfo.php file
mv /path/to/phpinfo.php /path/to/phpinfo.php.disabled
IP Restriction
allRestrict access to PHP Info pages to specific IP addresses only
# In Apache configuration or .htaccess:
<Files "phpinfo.php">
Require ip 192.168.1.0/24
Require ip 10.0.0.0/8
</Files>
🧯 If You Can't Patch
- Implement network segmentation to isolate Wampserver instances from untrusted networks
- Deploy a web application firewall (WAF) to block access to phpinfo.php paths
🔍 How to Verify
Check if Vulnerable:
Access http://[server-address]/phpinfo.php without authentication. If PHP configuration information is displayed, the system is vulnerable.Check Version:
Check Wampserver version in the system tray icon or via the Wampserver interfaceVerify Fix Applied:
Attempt to access phpinfo.php without authentication. You should receive a 403 Forbidden error or similar access denial.📡 Detection & Monitoring
Log Indicators:
- HTTP 200 responses to /phpinfo.php from unauthorized IPs
- Multiple requests to phpinfo.php from single IP
Network Indicators:
- Unusual traffic to phpinfo.php endpoint
- External IPs accessing PHP Info pages
SIEM Query:
source="apache_access.log" AND uri="/phpinfo.php" AND response="200" AND NOT src_ip IN (allowed_admin_ips)