SS-2017-010: install.php discloses sensitive data by pre-populating DB credential forms
- Severity: High
- Versions Affected:
- Versions Fixed:
- Release Date:
When accessing the install.php script, it is possible to extract any pre-configured database password or default admin account password by viewing the source of the page and inspecting the `value` attribute of the password fields.
Sites which do not have install.php deployed are not affected.
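A check for this class of disclosure, given here as an added example and not SilverStripe's own code: it parses rendered form HTML and reports the password inputs that arrive with a non-empty `value` attribute. The field names and sample markup are constructed for illustration.

```python
from html.parser import HTMLParser


class PasswordValueFinder(HTMLParser):
    """Records password inputs that are rendered with a non-empty value."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.findings = []

    def handle_starttag(self, tag, attrs):
        # HTMLParser lowercases tag and attribute names; self-closing
        # <input ... /> tags are routed here as well.
        if tag != "input":
            return
        a = {name: (value or "") for name, value in attrs}
        if a.get("type", "").strip().lower() != "password":
            return
        if a.get("value", "") != "":
            # Report the field name only, never the leaked secret itself.
            self.findings.append(a.get("name") or a.get("id") or "<unnamed>")


def prefilled_password_fields(html):
    """Return the names of password fields whose value is pre-populated."""
    finder = PasswordValueFinder()
    finder.feed(html)
    finder.close()
    return finder.findings


# Constructed sample: a form that echoes stored secrets back into the page.
SAMPLE_PREFILLED = """
<form method="post">
  <input type="text" name="db_username" value="appuser">
  <input type="password" name="db_password" value="constructed-db-secret">
  <input type=PASSWORD name="admin_password" value="constructed-admin-secret" />
</form>
"""

# Constructed sample: the same form with the password fields left blank.
SAMPLE_EMPTY = """
<form method="post">
  <input type="text" name="db_username" value="appuser">
  <input type="password" name="db_password" value="">
  <input type="password" name="admin_password">
</form>
"""

if __name__ == "__main__":
    print("pre-populated:", prefilled_password_fields(SAMPLE_PREFILLED))
    print("blank:", prefilled_password_fields(SAMPLE_EMPTY))
```

Run against the HTML your own installer or settings pages return, a non-empty result means a stored secret is being sent to the browser.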