PCCS-Mysql User/Password Exposure Network Vulnerability

Summary

It is possible to read the include file of PCCS-Mysql, dbconnect.inc on the remote server. This include file contains information such as the username and password used to connect to the database.

Solution

Versions 1.2.5 and later are not vulnerable to this issue. A workaround is to restrict access to the .inc file.

Severity

Classification

CVE CVE-2000-0707

CVSS	Base Score: 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

ArticleFR CMS Multiple Vulnerabilities - Jan15
AlienVault OSSIM Multiple Remote Code Execution Vulnerabilities
AWStats Totals 'sort' Parameter Remote Command Execution Vulnerabilities
Athena Web Registration remote command execution flaw
Artifectx xClassified 'catid' SQL Injection Vulnerability

Take action and discover your vulnerabilities