Why is the phpinfo() function disabled in shared hosting?

The phpinfo() function is disabled in the shared hosting service due to a security vulnerability in PHP 5.3: CVE-2014-4721.

phpinfo() outputs information about PHP’s configuration, such as the values of PHP directives, loaded extensions and environment variables. Even though phpinfo() is disabled, you can still find that information using other functions:

PHP directives: ini_get() and ini_get_all()

<?php
echo ini_get(upload_max_filesize); // 2M

Extensions/modules: get_loaded_extensions()

<?php
print_r(get_loaded_extensions());

Environment variables: $_ENV

<?php
print_r($_ENV);

PHP or extension version: phpversion()

<?php
echo phpversion(); // 5.3.26
echo phpversion(‘pdo_mysql’); // 1.0.1

In case you have SSH access to the server, “php -i” can also be used to get PHP configuration settings. For example, to get the configuration for the PDO – MySQL extension:

$ php -i|grep pdo_mysql

Or to get the version of PHP:

$ php -v