Details
Alert ID 10099
Alert Type Passive
Status beta
Risk Medium
CWE 540
WASC 13
Technologies Targeted All
Tags CWE-540
OWASP_2017_A06
OWASP_2021_A05
POLICY_DEV_STD
POLICY_PENTEST
POLICY_QA_STD
More Info Scan Rule Help

Summary

Application Source Code was disclosed by the web server. - PHP

Solution

Ensure that application Source Code is not available with alternative extensions, and ensure that source code is not present within other files or data deployed to the web server, or served by the web server.

Other Info

References

Code

org/zaproxy/zap/extension/pscanrulesBeta/SourceCodeDisclosureScanRule.java