Description

Magento stores its configuration in a file local.xml. Due to a misconfiguration of a web server, an attacker can access the cofiguration file.

Remediation

Restrict access to local.xml

References

Magento Security: Check your app/etc/local.xml file

Related Vulnerabilities

WordPress Plugin MasterStudy LMS-for Online Courses and Education Information Disclosure (3.2.10)

JSF ViewState client side storage

Wildcard Detected in Port Portion of Content Security Policy (CSP) Directive

Laravel debug mode enabled (AcuSensor)

WordPress 3.7.x Multiple Vulnerabilities (3.7 - 3.7.27)

Severity

Medium

Classification

CWE-200 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Configuration Information Disclosure