Description
Magento stores its configuration in a file local.xml. Due to a misconfiguration of a web server, an attacker can access the cofiguration file.
Remediation
Restrict access to local.xml
References
Related Vulnerabilities
Jetpack 2.9.3: Critical Security Update
WordPress Plugin WP Hide & Security Enhancer Arbitrary File Download (1.3.9.2)
Plone CMS Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2013-7060)
WordPress 5.5.x Multiple Vulnerabilities (5.5 - 5.5.3)
WordPress Plugin Social Network Tabs Information Disclosure (1.7.1)