The Zend Framework uses a file named application.ini where various sensitive data is stored (such as database credentials). This file is located in the /application/configs directory. Normally this file is not dirrectly accessible but some developers improperly set the application root and make this file acessible from the web.


Restrict access to this file or set your document_root to myapp/public and not myapp.. To restrict access to the file, create a .htaccess file in the directory "/application/configs" that contains the following line:

  deny from all


Related Vulnerabilities