Dmx Forum 2.1a stores _includes/bd.inc under the web root with insufficient access control, which allows remote attackers to obtain database username and password information.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Dmx_forum | Dmx_forum | * | 2.1a (including) |