Short Name |
HTTP:MAMBO-MYSQL-INF-DISCLOSURE |
---|---|
Severity |
Minor |
Recommended |
No |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
Mambo MySQL Database Info Disclosure |
Release Date |
2014/09/29 |
Update Number |
2424 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
Mambo CMS is prone to a password disclosure vulnerability. Local attackers can exploit this issue to disclose sensitive information.
Mambo CMS 4.6.5 stores the MySQL database password in cleartext in the document root, which allows local users to obtain sensitive information via unspecified vectors.