A PHP-based application exposed its source code to unauthorized access, compromising sensitive data and potentially allowing attackers to exploit vulnerabilities.
To mitigate this risk, ensure that the application’s source code is not publicly accessible. This can be achieved by configuring the web server to return a 404 error for requests with alternative extensions, and verifying that no source code files are being served by the web server or included in data deployments.