Full title: ATSEngine credential disclosure vulnerability 
Category: web applications
Platform: php
Any user can download a .db configuration file without authenticating first. The .db file contains the credentials to the administrative web interface.

# 0day.today @ http://0day.today/