[原文]setting.php in Innovative CMS (ICMS, formerly Imoel-CMS) contains username and password information in cleartext, which might allow attackers to obtain this information via a direct request to setting.php. NOTE: on a properly configured web server, it would be expected that a .php file would be processed before content is returned to the user, so this might not be a vulnerability.
Imoel CMS has been reported to contain a vulnerability that may allow the remote disclosure of the SQL authentication credentials (login/password). The reported issue would only occur on a system that is not configured to serve up PHP pages (.php) correctly, or was used in conjunction with another vulnerability that bypassed the normal behavior of the web server.
The vulnerability reported is incorrect. No solution required.