Why is this an issue?

enable_dl is on by default and allows open_basedir restrictions, which limit the files a script can access, to be ignored. For that reason, it’s a dangerous option and should be explicitly turned off.

This rule raises an issue when enable_dl is not explicitly set to 0 in php.ini.

Noncompliant code example

; php.ini
enable_dl=1  ; Noncompliant

Compliant solution

; php.ini
enable_dl=0

Resources

• OWASP Top 10 2021 Category A1 - Broken Access Control
• OWASP Top 10 2021 Category A5 - Security Misconfiguration
• OWASP Top 10 2017 Category A6 - Security Misconfiguration
• MITRE, CWE-23 - Relative Path Traversal
• MITRE, CWE-36 - Absolute Path Traversal