What security problems could come from exposing phpinfo() to end users?

滥情空心 2020-12-01 10:27

If a phpinfo() dump is shown to an end user, what is the worst that a malicious user could do with that information? What fields are most unsecure? That is, if

6 answers
  •  有刺的猬
    2020-12-01 10:34

    Honestly, not much. Personally, I frequently leave phpinfo() pages up.

    If you have some serious misconfigurations (e.g. PHP is running as root), or you're using old and vulnerable versions of some extensions or PHP itself, this information will be more exposed. On the other hand, you also wouldn't be protected by not exposing phpinfo(); you should have instead taken care of having your server up-to-date and correctly configured.
