Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium
MySQL connection credentials - Vulnerability Database

MySQL connection credentials

Description

For a client program to be able to connect to the MySQL server, it must use the proper connection parameters, such as the name of the host where the server is running and the user name and password of your MySQL account.

These file(s) contains full/partial source code that contains a mysql_connect/mysql_pconnect function call that includes the MySQL connection credentials. This information is highly sensitive and should not be found on a production system.

Remediation

Restrict access to these file(s) or remove them from the system.

References

OWASP - A3:2017-Sensitive Data Exposure

Related Vulnerabilities

Trace.axd Detected High
Common tags: Information Disclosure
WordPress Plugin WP Online Store Local File Include and Multiple File Disclosure Vulnerabilities (1.3.1) High
Common tags: Information Disclosure
WordPress Plugin Simple Gmail Login Stack Trace Information Disclosure (1.1.3) High
Common tags: Information Disclosure
WordPress Plugin W3 Total Cache Information Disclosure (0.9.2.4) High
Common tags: Information Disclosure
WordPress Plugin Duplicator-WordPress Migration Arbitrary File Disclosure (0.3.0) High
Common tags: Information Disclosure

Severity

High

Classification

CWE-538
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Information Disclosure