CodeThatShoppingCart config.ini Remote Information Disclosure
Remote / Network Access
Loss of Confidentiality
CodeThatShoppingCart contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a remote attacker directly requests the config.ini file, which will disclose the SQL user name, password, configuration options and more, resulting in a loss of confidentiality.
Currently, there are no known upgrades, patches, or workarounds available to correct this issue.