Bagisto: Insecure installation in sub-directories

Posted by devsecweb via Fulldisclosure on Sep 01

Vendor:
Bagisto (https://bagisto.com/)
Affected version:
All
Introduction:
Bagisto is an open source shop system based on PHP and the Laravel framework.
Vulnerability description:
Bagisto can be installed in sub-directories below the document root, exposing the Laravel .env file, which includes
database and e-mail server credentials.

Proof:
There have been observed installations in the wild exposing the .env file like…
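
A local audit for the condition described above, as an added example that is not part of the original advisory or Bagisto's code: it walks a document root on disk and lists each .env file a static file handler would map to a URL path, with the names (never the values) of the database and mail settings it holds. The function names and the DB_*/MAIL_* key filter (standard Laravel variable names) are assumptions of this example.

```python
import os
import sys

# Assumption: standard Laravel variable names for the database and
# e-mail server settings the advisory says are exposed.
SENSITIVE_PREFIXES = ("DB_", "MAIL_")
SENSITIVE_SUFFIXES = ("HOST", "USERNAME", "PASSWORD")


def env_keys(path):
    """Return names of variables with a non-empty value; values are never kept."""
    keys = []
    with open(path, encoding="utf-8", errors="replace") as fh:
        for line in fh:
            line = line.strip()
            if not line or line.startswith("#") or "=" not in line:
                continue
            name, value = line.split("=", 1)
            name = name.strip()
            if name.startswith("export "):
                name = name[len("export "):].strip()
            if value.strip():
                keys.append(name)
    return keys


def find_exposed_env(docroot):
    """List every .env file located at or below the web server's document root."""
    docroot = os.path.abspath(docroot)
    findings = []
    for dirpath, _dirnames, filenames in os.walk(docroot):
        if ".env" not in filenames:
            continue
        full = os.path.join(dirpath, ".env")
        rel = os.path.relpath(full, docroot).replace(os.sep, "/")
        creds = sorted(
            k for k in env_keys(full)
            if k.startswith(SENSITIVE_PREFIXES) and k.endswith(SENSITIVE_SUFFIXES)
        )
        findings.append({"url_path": "/" + rel, "credential_keys": creds})
    return sorted(findings, key=lambda f: f["url_path"])


if __name__ == "__main__":
    # Usage: python audit_env.py /path/to/document/root
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    for f in find_exposed_env(root):
        print(f["url_path"], ",".join(f["credential_keys"]) or "(no credential keys)")
```

An empty result for the application's public/ directory, and a finding for its parent, indicates the document root should point at public/ as Laravel's layout intends.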
