Moodle / MDL-51389

Acunetix security vulnerability

    • Bug
    • Resolution: Duplicate
    • Minor
    • None
    • 2.9.1
    • General
    • MOODLE_29_STABLE

      We recently had an Acunetix security assessment performed on Moodle.

      The following were flagged for review, as potential source code disclosures:

      /moodle/auth/manual/config.html
      moodle/auth/db/config.html

      Description
      Looks like the source code for this script is available. This check is using pattern matching to determine if server side tags are found in the file. In some cases this alert may generate false positives. An attacker can gather sensitive information (database connection strings, application logic) by analyzing the source code. This information can be used to conduct further attacks.

      Recommendation
      Remove this file from your website or change its permissions to remove access.

            dobedobedoh Andrew Lyons
            manlfoc Anonymous user (Inactive)
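
A local triage check for this kind of finding, as an added example that is not part of the original report or of Moodle's code: it walks a web root and lists files with static extensions that contain server-side tags, the same pattern-matching idea the scanner description mentions. The tag patterns, the extension list and the sample tree are assumptions constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

# Assumed tag openers for the heuristic (not the scanner's actual patterns).
SERVER_TAG = re.compile(rb"<\?php\b|<\?=|<%[^>]", re.IGNORECASE)
# Assumed extensions that the web server returns as plain text.
STATIC_EXTS = {".html", ".htm", ".txt", ".inc"}


def find_exposed_templates(webroot, static_exts=STATIC_EXTS):
    """Return sorted (relative path, line, tag) for static files holding server-side tags."""
    root = Path(webroot)
    hits = []
    for path in root.rglob("*"):
        if not path.is_file() or path.suffix.lower() not in static_exts:
            continue  # executed extensions such as .php are not served as source
        with path.open("rb") as fh:
            data = fh.read(1 << 20)  # bounded read; templates are small
        match = SERVER_TAG.search(data)
        if match:
            line = data.count(b"\n", 0, match.start()) + 1
            hits.append((path.relative_to(root).as_posix(), line, match.group().decode()))
    return sorted(hits)


def build_sample_tree(root):
    """Constructed sample tree: the two flagged paths plus benign lookalikes."""
    files = {
        "auth/manual/config.html": b"<table>\n<?php echo $config->field; ?>\n</table>\n",
        "auth/db/config.html": b"<?php\n// settings form fragment\n?>\n<table></table>\n",
        "auth/db/auth.php": b"<?php\n// executed by the server, not returned as text\n",
        "help/plain.html": b"<html><body>static help</body></html>\n",
        "doc/xml.html": b"<?xml version=\"1.0\"?>\n<html></html>\n",  # not a server-side tag
    }
    for rel, body in files.items():
        target = Path(root) / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_bytes(body)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for rel, line, tag in find_exposed_templates(tmp):
            print(f"{rel}:{line}: contains {tag!r}")
```

A hit only shows that the file holds server-side code under an extension the server does not execute; whether it is reachable over HTTP depends on the web server's access rules for that path.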