Description
The Yii2 Gii extension was found in the web application. Gii is a Web-based code generator for Yii2, which should be enabled only for the development environment with a strict white-list of allowed IP addresses
Remediation
Disable the Gii extension or restrict access to proper IP addresses only
References
Related Vulnerabilities
Unauthorized Access to a web app installer
Whoops error handler component detected
Serendipity Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2011-3800)
Unrestricted access to NGINX+ API interface (read write)
TCExam Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2011-3806)