
Spiderlronman

#35394 of 53,640
7.5 Total CVSS
Vulnerabilities · 1
PT-2022-18197
7.5
2022-04-19
Unknown · Ecjia-Daojia · CVE-2022-27055
**Name of the Vulnerable Software and Affected Versions**

ecjia-daojia version 1.38.1-20210202629

**Description**

The issue concerns information leakage via the `content/apps/installer/classes/Helper.php` file. When the web program is installed, a new environment file is created, recording database information, including the database record password. The vendor disputes this vulnerability, stating that the environment file is in the data directory, which is not intended for access by website visitors, as only the statics directory can be accessed by them.

**Recommendations**

For version 1.38.1-20210202629, consider restricting access to the `content/apps/installer/classes/Helper.php` file to minimize the risk of information leakage. Additionally, ensure that the data directory is properly secured to prevent unauthorized access. At the moment, there is no information about a newer version that contains a fix for this vulnerability.