Description

A Symfony databases.yml configuration file (config/databases.yml) was found in this directory. The databases.yml configuration allows for the configuration of the database connection.

This file may expose sensitive information that could help a malicious user to prepare more advanced attacks. It's recommended to remove or restrict access to this type of files from production systems.

Remediation

Remove or restrict access to all configuration files acessible from internet.

References

databases.yml configuration file

Related Vulnerabilities

WordPress Plugin Page and Post Clone Information Disclosure (1.1)

WordPress Plugin WordPress Mobile Pack Information Disclosure (2.0.1)

[Possible] Database Connection String Detected

WordPress Plugin TRADIES Information Disclosure (2.2.6)

WordPress Plugin Stop User Enumeration User Enumeration (1.3.8)

Severity

High

Classification

CWE-538 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N

Tags

Information Disclosure Test Files