The application has Symfony verbose mode enabled.
It enables an attacker to access the following sensitive content :
app_cert_cipher: AES-128-CTR app_cert_iv: '1234567891011121' app_navigation: homepage: { text: Home } tools: { text: Tools, credentials: [tools-view], children: { tools_settings: { text: 'View Installation Settings', credentials: [tools-view], display: hidden }, tools_config: { text: Configuration, credentials: [tools-config-view], display: hidden }, ecomm_config: { text: 'Ecomm Config', credentials: [tools-ecomm-config-view], display: hidden }, ecomm_email_config: { text: 'Ecomm Email Config', credentials: [tools-ecomm-email-view], display: hidden }, user_term: { text: 'Set Current School Term', credentials: [tools-setterm-view], display: hidden }, schools: { text: 'Setup Schools', credentials: [tools-setupschool-view], display: hidden }, athletics: { text: 'Setup Athletic Departments', credentials: [tools-setupschool-view], display: hidden }, cmc_terms: { text: 'Setup CMC Terms', credentials: [tools-setupcmcterms-view], display: hidden }, term_names: { text: 'Setup Term Names', credentials: [tools-termnames-view], display: hidden }, terms: { text: 'Setup Terms', credentials: [tools-setupterms-view], display: hidden }, tax_categories: { text: 'Setup Product Categories', credentials: [tools-categories-view], display: hidden }, payment_type: { text: 'Setup Payment Types', credentials: [tools-setuppaymenttypes-view], display: hidden }, favorite_group: { text: 'Setup Favorite Groups', credentials: [tools-favoritegroups-view], display: hidden }, productmodifiers: { text: 'Setup Product Modifiers', credentials: [tools-productmodifiers-view], display: hidden }, store_state: { text: 'Setup Customer Categories|Statuses', credentials: [tools-config-view], display: hidden }, config_setting_manager: { text: 'Config Settings Manager', credentials: [tools-manageconfigsetting-view], display: hidden }, config_setting: { text: 'Manage Config Settings', credentials: [tools-manageconfigsetting-view], display: hidden }, registered_client: { text: 'Manage Registered Clients', credentials: [tools-registered-client-view], display: hidden }, roles: { text: 'Manage Roles', credentials: [tools-roles-view], display: hidden }, users: { text: 'Manage Users', credentials: [tools-users-view], display: hidden }, phone_number_type: { text: 'Phone Number Types', credentials: [tools-phone-types], display: hidden }, products_packages: { text: 'Manage Product Packages', credentials: [inventory-view-setup-packages], display: hidden }, tools_sms_single: { text: 'SMS Single', credentials: [tools-sms-single], display: hidden }, product_management_tab: { text: 'Product Management', credentials: [product-management-view] }, weborders_tab: { text: 'Web Orders', credentials: [tools-config-view] }, faculty_portal_tab: { text: 'Faculty Portal', credentials: [tools-config-view] }, bba_accounts_tab: { text: ACCOUNTS, credentials: [tools-config-view] } } } inventoryFastAdd: { text: Inventory, credentials: [inventory-view], children: { pricing: { text: 'Market Pricing', credentials: [inv-marketpricing-view] }, pricing_upload_local: { text: 'Market Pricing Upload', credentials: [inv-marketpricing-view] }, inventory_import: { text: 'Inventory Import', credentials: [inv-fastadd-view] }, inventoryFastAdd: { text: 'Inventory Fast Add', credentials: [inv-fastadd-view] }, inventoryClear: { text: 'Zero Inventory', credentials: [inv-zero-view] }, inventoryResetRentalPricing: { text: 'Reset Rental Pricing', attributes: [rentals_enabled], credentials: [inv-rentalreset-view] }, productsCorrect: { text: 'Correct Products With No Data', credentials: [inv-productcorrect-view] }, tools_bulk_pricing: { text: 'Pricing Based on Net', credentials: [inv-bulkpricing-view] }, tools_bulk_ebook_pricing: { text: 'eBook Pricing', credentials: [inv-ebookpricing-view] }, tools_inventory_manual: { text: 'Manual Inventory', credentials: [inv-manual-view] }, inventoryMerchandise: { text: Merchandise, credentials: [inv-manual-view] }, inventoryBarcode: { text: 'Print Barcodes', credentials: [inv-printbarcodes-view] }, pda_import_inventory: { text: 'PDA - Import Inventory', credentials: [inv-pdaimport-view] }, pda_download_guides: { text: 'PDA - Download Guide Data', credentials: [inv-downloadguidedata-view] } } } adoptions: { text: Courses, credentials: [adoptions-view], children: { adoptions_import_courses: { text: 'Import Course File', credentials: [adoptions-view] }, adoption_import: { text: 'Copy From Previous Term', credentials: [adoptions-copyprevious-view] }, adoptions_forms_list: { text: 'Generate Forms', credentials: [adoptions-forms-view] }, adoption_approval: { text: 'Course Approvals', credentials: [adoptions-approval-view] }, course_approvals: { text: 'Approve FP Course Changes', credentials: [adoptions-approval-view] }, adoption_product_query: { text: 'Product Lookup', credentials: [adoptions-view] }, adoptions_list: { text: 'Course Management', credentials: [adoptions-view] }, professors: { text: 'Manage Professors', credentials: [adoptions-view] } } } reports: { text: Reports, credentials: [reports-view], children: { adoptionsReport: { text: 'Adoption Reports', credentials: [reports-adoption-view], display: hidden }, bookbuyer_sales_report: { text: 'Bookbuyer Sales Reports', credentials: [reports-bookbuyer-report-view], display: hidden }, buybacksReport: { text: 'Buybacks Reports', credentials: [reports-buybacks-view], display: hidden }, chargebacksReport: { text: 'Chargeback Report', credentials: [reports-chargebacks-view], display: hidden }, customerReport: { text: 'Customer Reports', credentials: [reports-customer-view], display: hidden }, inventoryReport: { text: 'Inventory Reports', credentials: [reports-inventory-view], display: hidden }, inventoryCategoryReport: { text: 'Inv. By Category Reports', credentials: [reports-inventory-view], display: hidden }, merchandiseReport: { text: 'Merchandise Report', credentials: [reports-inventory-view], display: hidden }, salesReport: { text: 'Sales Reports', credentials: [reports-sales-view], display: hidden }, salesDiscountedReport: { text: 'Discounted Sales', credentials: [reports-sales-view], display: hidden }, salesByAthleticsDeptReport: { text: 'Sales By Athletics Dept', credentials: [reports-sales-view], display: hidden }, rentalitems_report_rentals: { text: 'Rental Items Reports', attributes: [rentals_enabled], credentials: [reports-rental-view], display: hidden }, outstandingRentalsReport: { text: 'Rental Items Outstanding', attributes: [rentals_enabled], credentials: [reports-rental-view], display: hidden }, rentals_report_metrics: { text: 'Rentals Metrics Reports', attributes: [rentals_enabled], credentials: [reports-rental-view], display: hidden }, cybersource_queue: { text: 'Cybersource Queue', credentials: [reports-cybersourcequeue-view], display: hidden }, paymentReport: { text: 'Payment Report', credentials: [reports-payment-view], display: hidden }, chargeAccountPaymentReport: { text: 'Charge Acct Payment Report', credentials: [charge-accounts-view], display: hidden }, inventoryNegativeReport: { text: 'Negative Inventory Report', credentials: [reports-inventory-neg-view], display: hidden }, creditLegerReport: { text: 'Credit Ledger Report', credentials: [reports-credit-ledger-view], display: hidden }, dropReport: { text: 'Inventory Value Report', credentials: [reports-drop-view], display: hidden } } } buybacks: { text: Buybacks, credentials: [buybacks-view], children: { buyback_generate: { text: 'Generate List', credentials: [buybacks-generate-view] }, buyback_setup: { text: 'Set Parameters', credentials: [buybacks-setparam-view] } } } wantlists: { text: 'Want Lists', credentials: [wantlists-view], children: { wantlists_print_setup: { text: 'Print List', credentials: [wantlists-print-view] } } } orders: { text: Orders, credentials: [orders-view], children: { invoices_merge: { text: 'Orders Invoices Merge Utility', credentials: [tools-view] }, companies: { text: 'Companies [Vendors]', credentials: [orders-vendors-view] }, vendors: { text: 'Companies [Vendors] [Alt]', credentials: [orders-vendors-view] }, orders_receiving: { text: Receiving, credentials: [orders-receiving-view] }, purchase_order_receiving: { text: 'Receiving Check-In', credentials: [orders-receiving-view] }, shipments: { text: 'Invoices [Shipments]', credentials: [orders-invoices-view] }, ecomm_order: { text: 'Web Orders', attributes: [ecomm_enabled], credentials: [orders-ecomm-view] }, web_orders: { text: 'Web Orders', attributes: [ecomm_enabled], credentials: [orders-ecomm-view], display: hidden } } } customers: { text: Customers, credentials: [customers-view], children: { readytext_optin_load: { text: ReadyText, credentials: [customers-view] }, customer_support_case: { text: 'Support Cases', credentials: [customers-view] }, customers_import: { text: Import, credentials: [customers-merge-view] }, customers_merge: { text: Merge, credentials: [customers-merge-view] }, customers_order_view: { text: 'Orders [Prepaids]', credentials: [customers-orders-view] }, customers_order_item_fulfill: { text: 'Orders [Prepaids] Fulfillment', credentials: [customers-orders-view] }, customer_charge_accounts_view: { text: 'Store Charge Accounts', credentials: [charge-accounts-view] }, charge_accounts_index: { text: 'Charge Processing', credentials: [tools-view] } } } bookbuyer: { text: 'Book Buyer', credentials: [orders-bookbuyer-view], children: { bookbuyer_view: { text: View, credentials: [orders-bookbuyer-view] } } } register2: { text: Register, credentials: [register-view], children: { registers_configure: { text: 'Configure Register', credentials: [register-view] }, store: { text: 'Manage Stores', credentials: [tools-stores-view] }, auth_user_settings: { text: 'User Settings', credentials: [register-view] }, knowledge: { text: Knowledge, credentials: [register-view] } } } pinpad: { text: PinPad, credentials: [tools-stores-view], children: { pinpad_direct: { text: 'Direct Access', credentials: [tools-stores-view] }, payeezy: { text: Payeezy, credentials: [tools-stores-view] } } } app_pos_version: 2.77.0 app_pwhash_secret: t3XtB0ok app_records_per_page: 25 app_records_per_page_long: 500 app_resource_version: 20221111062348 app_tiny_mce: fcobw22a0oygn7wo0h238g7540ps7tw74j5oqet4hrzfti9f sf_admin_module_web_dir: /sfDoctrinePlugin sf_admin_web_dir: /sf/sf_admin sf_app: frontend sf_app_base_cache_dir: /bba/www/pos/cache/frontend sf_app_cache_dir: /bba/www/pos/cache/frontend/dev sf_app_config_dir: /bba/www/pos/apps/frontend/config sf_app_dir: /bba/www/pos/apps/frontend sf_app_i18n_dir: /bba/www/pos/apps/frontend/i18n sf_app_lib_dir: /bba/www/pos/apps/frontend/lib sf_app_module_dir: /bba/www/pos/apps/frontend/modules sf_app_template_dir: /bba/www/pos/apps/frontend/templates sf_apps_dir: /bba/www/pos/apps sf_cache: false sf_cache_dir: /bba/www/pos/cache sf_charset: utf-8 sf_check_lock: false sf_cli: false sf_compressed: false sf_config_cache_dir: /bba/www/pos/cache/frontend/dev/config sf_config_dir: /bba/www/pos/config sf_csrf_secret: false sf_data_dir: /bba/www/pos/data sf_debug: true sf_default_culture: en sf_enabled_modules: - default - ecomm - BBAProprietaryReports sf_environment: dev sf_error_404_action: error404 sf_error_404_module: default sf_error_reporting: 32767 sf_escaping_method: ESC_SPECIALCHARS sf_escaping_strategy: true sf_etag: false sf_file_link_format: null sf_i18n: false sf_i18n_cache_dir: /bba/www/pos/cache/frontend/dev/i18n sf_lib_dir: /bba/www/pos/lib sf_log_dir: /bba/www/pos/log sf_logging_enabled: true sf_login_action: login sf_login_module: auth sf_module_cache_dir: /bba/www/pos/cache/frontend/dev/modules sf_module_disabled_action: disabled sf_module_disabled_module: default sf_no_script_name: true sf_orm: doctrine sf_plugins_dir: /bba/www/pos/plugins sf_psr_logger: false sf_root_dir: /bba/www/pos sf_secure_action: secure sf_secure_module: auth sf_standard_helpers: - Partial - Cache - glxAsset sf_symfony_lib_dir: /bba/www/pos/vendor/lexpress/symfony1/lib sf_template_cache_dir: /bba/www/pos/cache/frontend/dev/template sf_test_cache_dir: /bba/www/pos/cache/frontend/dev/test sf_test_dir: /bba/www/pos/test sf_upload_dir: /bba/www/pos/web/uploads sf_upload_dir_name: uploads sf_use_database: true sf_web_debug: true sf_web_debug_web_dir: /sf/sf_web_debug sf_web_dir: /bba/www/pos/web
