Description

Magento stores its configuration in a file local.xml. Due to a misconfiguration of a web server, an attacker can access the cofiguration file.

Remediation

Restrict access to local.xml

References

Magento Security: Check your app/etc/local.xml file

Related Vulnerabilities

ASP.NET header checking is disabled in web.config

WordPress Plugin SL User Create Information Disclosure (0.2.4)

Nonce Usage Detected in Content Security Policy (CSP) Directive

Possible sensitive files

data: Used in a Content Security Policy (CSP) Directive

Severity

Medium

Classification

CWE-200 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Configuration Information Disclosure