CVE-2023-49282P4HIGHCVSS 7.5≥ 1.16.0, < 1.109.1·≥ 2.0.0-RC1, < 2.0.12023-12-05
CVE-2023-49282 [HIGH] CWE-200 Test code in published microsoft-graph package exposes phpinfo()
Test code in published microsoft-graph package exposes phpinfo()
### Impact
The Microsoft Graph PHP SDK published packages which contained test code that enabled the use of the phpInfo() function from any application that could access and execute the file at vendor/microsoft/microsoft-graph/tests/GetPhpInfo.php. The phpInfo function exposes system information.
The vulnerability affects the GetPhpInf
ghsaosv