PHP-Survey Global.INC Information Disclosure Vulnerability

info
discussion
exploit
solution
references

PHP-Survey Global.INC Information Disclosure Vulnerability

PHP-Survey is a web-based survey engine. It is written in PHP and will run on most Unix and Linux variants. It is back-ended by a MySQL database.

The PHP-Survey script 'global.inc' will not be interpreted if requested via HTTP. This may potentially expose sensitive information such as database credentials to remote attackers.