vendor:
Devilz Clanportal
by:
Kiba
5.5
CVSS
MEDIUM
Information Disclosure
200
CWE
Product Name: Devilz Clanportal
Affected Version From: 1
Affected Version To: 1.4.2005
Patch Exists: YES
Related CWE:
CPE: a:dzcp_project:devilz_clanportal:1.4.5
Platforms Tested:
2007
DZCP (Devilz Clanportal) <= 1.4.5 Mysql Data viewable
The vulnerability allows an attacker to view sensitive MySQL data by accessing the 'browser.php' file in the 'inc/filebrowser' directory. By specifying the 'file' parameter as 'inc/mysql.php', the attacker can retrieve the contents of the MySQL configuration file.
Mitigation:
Install the security fix provided by the vendor.