amaroK Web Frontend 1.3 stores the globals.inc file under the web root without a .php extension and insufficient access control, which allows remote malicious users to obtain the database username and password via a direct request to the file.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
amarok web frontend 1.3 |