Database password exposed after upgrade

Bug tracking system

Brought to you by: bcurtis, bobsquatch, brycen, kword

This project can now be found here.

Database password exposed after upgrade

Forum: Help

Creator: Nobody/Anonymous

Created: 2008-02-19

Updated: 2013-04-16

Nobody/Anonymous - 2008-02-19

If I go to this url where my upgraded version 1.04 of phpBugtracker lives:

http://www.mydomain.com/phpbugtracker/upgrade.php?doit=1

My database login credentials are exposed. Please be aware of this serious security hole.
And admins, please fix this problem..

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
- Nobody/Anonymous - 2008-07-27
  
  no security update for this vulnerability yet?
  
  http://www.google.nl/search?q="Most+recently+submitted+bugs"
  
  If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
- Bryce Nesbitt - 2008-08-24
  
  It's fixed, upgrade from CVS.
  
  If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Log in to post a comment.