Phpinfo() Memory Limit

By
Manieendar Mohan
Published on
02 Apr 2022
1 min read

The memory limit is a setting that allocates a fixed maximum amount of memory for executing a script. It protects the server from poorly coded scripts that allocate unnecessary space, preserving the server's memory under large-scale usage of the application. An attacker who can execute the phpinfo() function can read the configured memory limit and plan an attack around that value. A server administrator can set the memory limit to any size, or to -1 (which disables the limit). The memory limit was first introduced as a php.ini setting after PHP version 5.2.0; in versions before 5.2.0 it was implemented at compile time. The limit applies per script.

If an attacker knows the maximum memory the server allows a PHP script, he can run scripts that consume that maximum from many different clients at once. This can hang the server, producing a denial of service, and the attacker can follow up with other attacks to shut the server down completely.

Example

The following configuration is an example of the PHP memory_limit setting:

php.ini

        memory_limit = 512M

.htaccess

        php_value memory_limit 512M

Impact

Using this vulnerability, an attacker can perform:

  • Denial of service attacks.
  • Forced termination of the program, leaving the data it was processing in an invalid state.

Mitigation / Precaution

Beagle recommends the following fixes:

Make sure phpinfo() is disabled on the server, and set the memory limit to the value your application actually needs.

php.ini

        memory_limit = 100M

.htaccess

        php_value memory_limit 100M

    
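As an added illustration of the two settings above (this is not Beagle Security's code), the following Python script parses php.ini and .htaccess-style directives, converts PHP shorthand sizes such as 512M to bytes, and flags a memory_limit of -1 or above an assumed 256M ceiling, as well as a disable_functions list that does not include phpinfo. The sample configurations, the 256M ceiling and the disable_functions check are the example's own assumptions; disable_functions is a standard php.ini directive, but the page itself does not name it.

```python
"""Audit PHP memory_limit and phpinfo() exposure from configuration text.

Added example, not Beagle Security's code. It understands the two forms
shown in the article: php.ini "key = value" lines and .htaccess
"php_value key value" lines.
"""
import re

# php.ini shorthand: an integer optionally followed by K, M or G.
_SUFFIX = {"k": 1024, "m": 1024 ** 2, "g": 1024 ** 3}


def parse_shorthand(value: str) -> int:
    """Convert a size such as '512M' to bytes; any negative value means unlimited (-1)."""
    value = value.strip().strip("\"'")
    m = re.fullmatch(r"(-?\d+)\s*([kKmMgG]?)", value)
    if not m:
        raise ValueError(f"unrecognised size: {value!r}")
    number, suffix = int(m.group(1)), m.group(2).lower()
    if number < 0:
        return -1
    return number * _SUFFIX.get(suffix, 1)


def parse_ini(text: str) -> dict:
    """Return the last value set for each directive, ignoring comments and sections."""
    settings = {}
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()      # ';' starts a comment in php.ini
        if not line or line.startswith("["):     # skip blanks and [Section] headers
            continue
        # .htaccess form: php_value memory_limit 512M (php_admin_value/php_flag too)
        m = re.fullmatch(r"php_(?:admin_)?(?:value|flag)\s+(\S+)\s+(.+)", line)
        if m:
            settings[m.group(1)] = m.group(2).strip()
            continue
        if "=" in line:                          # php.ini form: key = value
            key, _, val = line.partition("=")
            settings[key.strip()] = val.strip()
    return settings


def audit(settings: dict, max_bytes: int = 256 * 1024 ** 2) -> list:
    """Report findings for the weaknesses the article describes.

    max_bytes is an assumed ceiling (256M); tune it to the application's real needs.
    """
    findings = []
    limit = settings.get("memory_limit")
    if limit is None:
        findings.append("memory_limit not set; PHP's built-in default applies")
    else:
        size = parse_shorthand(limit)
        if size == -1:
            findings.append("memory_limit is -1: one script may exhaust all server memory")
        elif size > max_bytes:
            findings.append(f"memory_limit {limit} exceeds the {max_bytes // 1024 ** 2}M ceiling")
    # Disabling phpinfo via disable_functions stops attackers reading the limit.
    disabled = {f.strip() for f in settings.get("disable_functions", "").split(",") if f.strip()}
    if "phpinfo" not in disabled:
        findings.append("phpinfo is not in disable_functions: configuration is viewable")
    return findings


# Constructed samples: the weak configuration the article warns about,
# and one that follows its mitigation.
WEAK_INI = """
; constructed sample
memory_limit = -1
disable_functions =
"""

HARDENED_INI = """
; constructed sample
memory_limit = 100M
disable_functions = phpinfo
"""

HTACCESS_SAMPLE = "php_value memory_limit 512M"


if __name__ == "__main__":
    for name, text in (("weak", WEAK_INI), ("hardened", HARDENED_INI)):
        print(name, audit(parse_ini(text)) or ["no findings"])
```

Run it against a copy of the server's php.ini (or the relevant .htaccess) to confirm that the limit is bounded and that phpinfo is disabled; an empty result from audit() means both mitigations from the article are in place.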
Written by
Manieendar Mohan
Cyber Security Lead Engineer