PCCS Mysql Database Admin Tool Username/Password Exposure Vulnerability

PCCS-Mysql Database Admin Tool is a web-based front end to MySQL written in PHP. Its installation demands that an include file be in a directory that can be accessed by the webserver. This include file, dbconnect.inc, contains information such as the username and password used to connect to the database that can be disclosed if it is requested via http by someone who knows its location, ie: http://your_site.com/pccsmysqladm/incs/dbconnect.inc. If this include file is retrieved then access to your database can be compromised.


 

Privacy Statement
Copyright 2010, SecurityFocus