Description

For a client program to be able to connect to the MySQL server, it must use the proper connection parameters, such as the name of the host where the server is running and the user name and password of your MySQL account.

These file(s) contains full/partial source code that contains a mysql_connect/mysql_pconnect function call that includes the MySQL connection credentials. This information is highly sensitive and should not be found on a production system.

Remediation

Restrict access to these file(s) or remove them from the system.

References

OWASP - A3:2017-Sensitive Data Exposure

Related Vulnerabilities

WordPress Plugin Multi Plugin Installer Arbitrary File Disclosure (1.1.0)

WordPress Plugin Media Library Assistant Information Disclosure (3.00)

WordPress Plugin Image Export Arbitrary File Download (1.1.0)

WordPress Plugin Recent Backups Arbitrary File Download (0.7)

WordPress Plugin U BuddyPress Forum Attachment 'fileurl' Parameter Remote File Disclosure (1.1.1)

Severity

High

Classification

CWE-538 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Information Disclosure