microsoft/microsoft-graph-core is vulnerable to Information Disclosure. The vulnerability is due to the inclusion of test code that enables the use of the phpInfo
function, specifically through the GetPhpInfo.php
script, which can expose sensitive system information if the server is misconfigured to make the application’s /vendor directory web accessible.
CPE | Name | Operator | Version |
---|---|---|---|
microsoft/microsoft-graph-core | le | 2.0.1 | |
microsoft/microsoft-graph-core | le | 2.0.1 |