  1. Moodle
  2. MDL-51389

Acunetix security vulnerability

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Minor
    • Resolution: Duplicate
    • Affects Version/s: 2.9.1
    • Fix Version/s: None
    • Component/s: General
    • Labels:
    • Affected Branches:
      MOODLE_29_STABLE

      Description

      We recently had an Acunetix security assessment performed on Moodle.

      The following were flagged for review as potential source code disclosures:

      /moodle/auth/manual/config.html
      moodle/auth/db/config.html

      Description
      Looks like the source code for this script is available. This check is using pattern matching to determine if server side tags are found in the file. In some cases this alert may generate false positives. An attacker can gather sensitive information (database connection strings, application logic) by analyzing the source code. This information can be used to conduct further attacks.

      Recommendation
      Remove this file from your website or change its permissions to remove access.
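
The finding above comes from pattern matching on server-side tags, so one way to triage it from the server side is to list files under the web root that contain such tags but would be returned as static text. This is an added example, not part of the original report or Moodle's code; the `EXECUTED_EXTENSIONS` set, the function names and the sample tree are assumptions constructed for illustration.

```python
import os
import re
import tempfile

# Assumption: only these extensions are handed to the PHP interpreter by the web server.
EXECUTED_EXTENSIONS = {".php"}
# Server-side opening tags: "<?php", "<?=" and the short tag "<? " (this skips "<?xml").
SERVER_TAG = re.compile(rb"<\?(?:php\b|=|\s)", re.IGNORECASE)


def find_exposed_templates(webroot):
    """Return sorted relative paths of files that contain server-side tags
    but whose extension means they are served as static content."""
    hits = []
    for dirpath, _dirs, files in os.walk(webroot):
        for name in files:
            if os.path.splitext(name)[1].lower() in EXECUTED_EXTENSIONS:
                continue  # interpreted by PHP, source is not returned to the client
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:
                    data = fh.read(1024 * 1024)  # first 1 MiB is enough for triage
            except OSError:
                continue  # unreadable file: skip rather than abort the scan
            if SERVER_TAG.search(data):
                hits.append(os.path.relpath(path, webroot).replace(os.sep, "/"))
    return sorted(hits)


def build_sample_tree(root):
    """Write a constructed sample tree (file contents are made up, not real Moodle files)."""
    samples = {
        "auth/manual/config.html": b"<table><?php echo $value; ?></table>\n",
        "auth/db/config.html": b'<input value="<?= $host ?>">\n',
        "auth/db/auth.php": b"<?php // executed by the interpreter\n",
        "theme/static.html": b"<p>No server-side tags here</p>\n",
        "feed/sample.xml": b'<?xml version="1.0"?><rss/>\n',
    }
    for rel, body in samples.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(body)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root)
        for rel in find_exposed_templates(root):
            print("static file containing server-side tags:", rel)
```

Each hit still needs a manual look to decide whether the exposed markup contains anything sensitive or is only template logic.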

              People

              Assignee:
              dobedobedoh Andrew Nicols
              Reporter:
              manlfoc Anonymous user
              Participants:
              Component watchers:
              Adrian Greeve, Jake Dallimore, Mathew May, Mihail Geshoski, Peter Dias
              Votes:
              0
              Watchers:
              5