CVE-2008-0249

Name of the Vulnerable Software and Affected Versions PHP Webquest version 2.6

Description The issue allows remote attackers to retrieve database credentials by making a direct request to "admin/backup phpwebquest.php". This occurs because if a call to /usr/bin/mysqldump fails, the error message leaks the credentials. It is noted that this might only be a problem in limited environments.

Recommendations For PHP Webquest version 2.6, consider restricting access to the "admin/backup phpwebquest.php" endpoint to prevent unauthorized requests. Additionally, ensure that error messages do not reveal sensitive information such as database credentials. As a temporary workaround, consider disabling the backup functionality in "admin/backup phpwebquest.php" until a more secure solution is implemented.