Security problem with SMF 2.0.15 + PHP 7.0/ 7.1

Started by lwiz, November 18, 2018, 05:14:23 PM

Previous topic - Next topic

lwiz

If for some reason database is out of action, SMF 2.0.15 spits out the database username and password for everyone to see who opens the SMF board URL.

Caught this during a larger server update and luckily, as I was then able to change both quickly, but this is an extreme security issue.

-L

Illori

that is what php does, SMF has no control over php errors.


lwiz

Yeah pilot error here, had the errors setting left to shown after a late night testing session I guess :/

Jumped the gun though as I saw someone else telling the same problem with their board, so not the only one then having bit iffy php.ini

-L

Advertisement: