PT-2022-18197 · Unknown · Ecjia-Daojia

Spiderlronman · Published 2022-04-19 · Updated 2024-08-03 · CVE-2022-27055

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

ecjia-daojia version 1.38.1-20210202629

Description

The issue is an information leak via the content/apps/installer/classes/Helper.php file. When the web program is installed, a new environment file is created that records database information, including the database password. The vendor disputes this vulnerability, stating that the environment file is in the data directory, which is not intended to be accessible to website visitors; only the statics directory can be accessed by them.

Recommendations

For version 1.38.1-20210202629, consider restricting access to the content/apps/installer/classes/Helper.php file to minimize the risk of information leakage. Additionally, ensure that the data directory is properly secured to prevent unauthorized access. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Weakness Enumeration

Incorrect Authorization

Related Identifiers

CVE-2022-27055

Affected Products

Ecjia-Daojia