EZ Publish 2.2.7/3.0 - site.ini Information Disclosure
| EKU-ID: 27967 | CVE: OSVDB-6560 | OSVDB-ID: |
| Author: gregory Le Bras | Published: 2003-04-15 | Verified:
 |
| Download: | ||
Rating☆☆☆☆☆ |
| EKU-ID: 27967 | CVE: OSVDB-6560 | OSVDB-ID: |
| Author: gregory Le Bras | Published: 2003-04-15 | Verified:
|
| Download: | ||
Rating☆☆☆☆☆ |
source: https://www.securityfocus.com/bid/7347/info eZ Publish has been reported prone to sensitive information disclosure vulnerability. An attacker may make a request for and download the underlying site.ini configuration file. The file contains eZ Publish administration credentials stored in plaintext format. Any HTTP requests for this file will reveal the contents of this file to remote attackers. http://[target]/settings/site.ini