Description

One or more database connection strings were found. The connection strings may include attributes such as the name of the driver, server and database, as well as security information such as user name and password.

Remediation

Restrict access to these file(s) or restrict the disclosure of this connection string .

References

Database Connection String Detected | Invicti

Related Vulnerabilities

YOURLS Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2011-3824)

WebPageTest Unauthorized Access Vulnerability

WordPress Plugin CodeArt-Google MP3 Player Arbitrary File Disclosure (1.0.11)

WordPress Plugin Correos Woocommerce Arbitrary File Download (1.3.0.0)

WordPress Plugin HTML5 MP3 Player with Playlist Free Information Disclosure (2.6)

Severity

Medium

Classification

CWE-200 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Information Disclosure