vRating settings.php Information Disclosure

2004-08-13T04:10:16
ID OSVDB:8831
Type osvdb
Reporter Security .Net Information(snilabs@gmail.com)
Modified 2004-08-13T04:10:16

Description

Vulnerability Description

vRating contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when the setting.php page is accessed, which will disclose the username, password, mysql host, and database information, resulting in a loss of confidentiality.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Short Description

vRating contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when the setting.php page is accessed, which will disclose the username, password, mysql host, and database information, resulting in a loss of confidentiality.

Manual Testing Notes

http://[victim]/admin/settings.php

References:

Vendor URL: http://www.vrating.com/ Related OSVDB ID: 8832 Other Advisory URL: http://secwatch.org/advisories/1008420