Description

For a client program to be able to connect to the MySQL server, it must use the proper connection parameters, such as the name of the host where the server is running and the user name and password of your MySQL account.

These file(s) contains full/partial source code that contains a mysql_connect/mysql_pconnect function call that includes the MySQL connection credentials. This information is highly sensitive and should not be found on a production system.

Remediation

Restrict access to these file(s) or remove them from the system.

Related Vulnerabilities

Citrix ADC NetScaler Local File Inclusion (CVE-2020-8193)

WordPress Plugin Cherry Team Members Information Disclosure (1.4.1)

Joomla! Core 3.9.x Information Disclosure (3.9.0 - 3.9.22)

Drupal Core 8.9.x Information Disclosure (8.9.0 - 8.9.5)

WordPress Plugin JM Twitter Cards Information Disclosure (6.1)

Severity

High

Classification

CWE-538 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Information Disclosure