Zenar Content Management System Disclosure Username/Password Sensitive Data

2018.05.23
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

# Exploit Title: Zenar Content Management System - Disclosure Username/Password Sensitive Data # Software Link: https://zenar.io/ # Dork: N/A # Author: Ismail Tasdelen # Tested Website: http://demo.zenar.io # Date: 2018-05-22 # Category: Web Application # POC : Description : A username and/or password was found in this file. This information could be sensitive. Example : http://localhost/zenario/admin/welcome.ajax.php # DATA : {"key":{"first_viewing":false},"tab":"0","tabs":[{"edit_mode":{"enabled":"1","on":"1","always_on":"1"},"show_errors_after_field":"description","fields":{"description":{"full_width":"1","snippet":{"html":"<h1>Diagnostics<\/h1>"},"ord":1},"sub_table":{"type":"grouping","name":"sub_table","ord":2,"value":""},"system_requirements":{"grouping":"sub_table","full_width":"1","snippet":{"html":"System Requirements"},"visible_if":"zenarioAW.togglePressed(1)","ord":3,"row_class":"section_valid"},"show_system_requirements":{"grouping":"sub_table","type":"toggle","redraw_onchange":"1","same_row":"1","visible_if":"zenarioAW.togglePressed(1, tuixObject)","ord":4},"server":{"grouping":"sub_table","full_width":"1","row_class":"sub_section_valid","snippet":{"html":"Web Server"},"visible_if":"zenarioAW.togglePressed(2)","ord":5},"show_server":{"grouping":"sub_table","type":"toggle","redraw_onchange":"1","same_row":"1","visible_if":"zenarioAW.togglePressed(2, tuixObject)","ord":6},"server_1":{"grouping":"sub_table","full_width":"1","row_class":"sub_valid","snippet":{"html":"Apache http server version 2.4.7 or later"},"visible_if":"zenarioAW.togglePressed()","ord":7,"post_field_html":"&nbsp;(<em>you have version Server version: Apache\/2.4.18 (Ubuntu) Server built: 
2017-09-18T15:09:02<\/em>)"},"php":{"grouping":"sub_table","full_width":"1","row_class":"sub_section_valid","snippet":{"html":"PHP"},"visible_if":"zenarioAW.togglePressed(2)","ord":8},"show_php":{"grouping":"sub_table","type":"toggle","redraw_onchange":"1","same_row":"1","visible_if":"zenarioAW.togglePressed(2, tuixObject)","ord":9},"php_1":{"grouping":"sub_table","full_width":"1","row_class":"sub_valid","snippet":{"html":"PHP version 7.0 or later"},"visible_if":"zenarioAW.togglePressed()","ord":10,"post_field_html":"&nbsp;(<em>you have version 7.0.28-0ubuntu0.16.04.1<\/em>)"},"opcache_misconfigured":{"grouping":"sub_table","full_width":"1","row_class":"sub_level","snippet":{"html":"In your <code>php.ini<\/code> you have <code>opcache.enable<\/code>\nturned on, and you have <code>opcache.dups_fix<\/code> turned off.\n\nThis may cause occasional PHP &ldquo;fatal errors&rdquo; on your site.\n\nPlease edit your <code>php.ini<\/code> and either turn <code>opcache.enable<\/code> off\nor else turn <code>opcache.dups_fix<\/code> on."},"visible_if":"zenarioAW.togglePressed()","ord":11,"hidden":true},"mysql":{"grouping":"sub_table","full_width":"1","row_class":"sub_section_valid","snippet":{"html":"MySQL"},"visible_if":"zenarioAW.togglePressed(2)","ord":12},"show_mysql":{"grouping":"sub_table","type":"toggle","redraw_onchange":"1","same_row":"1","visible_if":"zenarioAW.togglePressed(2, tuixObject)","ord":13},"mysql_1":{"grouping":"sub_table","full_width":"1","row_class":"sub_valid","snippet":{"html":"MySQLi extension enabled in PHP"},"visible_if":"zenarioAW.togglePressed()","ord":14},"mysql_2":{"grouping":"sub_table","full_width":"1","row_class":"sub_valid","snippet":{"html":"MySQL client and MySQL server version 5.5.3 or later"},"visible_if":"zenarioAW.togglePressed()","ord":15,"post_field_html":"&nbsp;(<em>your client is version mysql Ver 14.14 Distrib 5.7.20, for Linux (x86_64) using EditLine 
wrapper<\/em>)"},"mb":{"grouping":"sub_table","full_width":"1","row_class":"sub_section_valid","snippet":{"html":"Unicode Support"},"visible_if":"zenarioAW.togglePressed(2)","ord":16},"show_mb":{"grouping":"sub_table","type":"toggle","redraw_onchange":"1","same_row":"1","visible_if":"zenarioAW.togglePressed(2, tuixObject)","ord":17},"mb_1":{"grouping":"sub_table","full_width":"1","row_class":"sub_valid","snippet":{"html":"ctype extension enabled in PHP"},"visible_if":"zenarioAW.togglePressed()","ord":18},"mb_2":{"grouping":"sub_table","full_width":"1","row_class":"sub_valid","snippet":{"html":"mbstring extension enabled in PHP"},"visible_if":"zenarioAW.togglePressed()","ord":19},"gd":{"grouping":"sub_table","full_width":"1","row_class":"sub_section_valid","snippet":{"html":"Image Manipulation"},"visible_if":"zenarioAW.togglePressed(2)","ord":20},"show_gd":{"grouping":"sub_table","type":"toggle","redraw_onchange":"1","same_row":"1","visible_if":"zenarioAW.togglePressed(2, tuixObject)","ord":21},"gd_1":{"grouping":"sub_table","full_width":"1","row_class":"sub_valid","snippet":{"html":"GD Library enabled in PHP"},"visible_if":"zenarioAW.togglePressed()","ord":22},"gd_2":{"grouping":"sub_table","full_width":"1","row_class":"sub_valid","snippet":{"html":"GIF Read Support enabled in PHP"},"visible_if":"zenarioAW.togglePressed()","ord":23},"gd_3":{"grouping":"sub_table","full_width":"1","row_class":"sub_valid","snippet":{"html":"JPG Support enabled in PHP"},"visible_if":"zenarioAW.togglePressed()","ord":24},"gd_4":{"grouping":"sub_table","full_width":"1","row_class":"sub_valid","snippet":{"html":"PNG Support enabled in PHP"},"visible_if":"zenarioAW.togglePressed()","ord":25},"optional":{"grouping":"sub_table","full_width":"1","row_class":"sub_section_valid","snippet":{"html":"Optional 
requirements"},"visible_if":"zenarioAW.togglePressed(2)","ord":26},"show_optional":{"grouping":"sub_table","type":"toggle","redraw_onchange":"1","same_row":"1","visible_if":"zenarioAW.togglePressed(2, tuixObject)","ord":27},"optional_mod_deflate":{"grouping":"sub_table","full_width":"1","row_class":"sub_valid","snippet":{"html":"deflate module enabled in Apache\n<br\/><small>Needed for compressing files, for a faster page-load<\/small>"},"visible_if":"zenarioAW.togglePressed()","ord":28},"optional_mod_expires":{"grouping":"sub_table","full_width":"1","row_class":"sub_valid","snippet":{"html":"expires module enabled in Apache\n<br\/><small>Needed for images and files to be cached in the visitors browser, for a faster page-load<\/small>"},"visible_if":"zenarioAW.togglePressed()","ord":29},"optional_mod_rewrite":{"grouping":"sub_table","full_width":"1","row_class":"sub_valid","snippet":{"html":"rewrite module enabled in Apache\n<br\/><small>Needed for friendly URLs<\/small>"},"visible_if":"zenarioAW.togglePressed()","ord":30},"optional_curl":{"grouping":"sub_table","full_width":"1","row_class":"sub_valid","snippet":{"html":"curl extension enabled in PHP\n<br\/><small>Needed for translating pages using Google Translate<\/small>"},"visible_if":"zenarioAW.togglePressed()","ord":31},"optional_zip":{"grouping":"sub_table","full_width":"1","row_class":"sub_valid","snippet":{"html":"zip extension enabled in PHP\n<br\/><small>Needed for creating document extracts<\/small>"},"visible_if":"zenarioAW.togglePressed()","ord":32},"dirs":{"grouping":"sub_table","full_width":"1","snippet":{"html":"Directories"},"visible_if":"zenarioAW.togglePressed(1)","ord":33,"row_class":"section_valid"},"show_dirs":{"grouping":"sub_table","type":"toggle","redraw_onchange":"1","same_row":"1","visible_if":"zenarioAW.togglePressed(1, tuixObject)","ord":34},"dir_1":{"grouping":"sub_table","full_width":"1","row_class":"sub_section_valid","snippet":{"html":"Backup Storage 
Area"},"visible_if":"zenarioAW.togglePressed(2)","ord":35},"show_dir_1":{"grouping":"sub_table","type":"toggle","redraw_onchange":"1","same_row":"1","visible_if":"zenarioAW.togglePressed(2, tuixObject)","ord":36},"dir_1_blurb":{"grouping":"sub_table","full_width":"1","row_class":"sub_field","snippet":{"html":"If you wish to store site backups on your server, you should create a directory\non your server in which to keep them.\nIt should start with a slash, but do not add a trailing slash."},"visible_if":"zenarioAW.togglePressed()","ord":37},"backup_dir":{"grouping":"sub_table","full_width":"1","row_class":"sub_field","type":"text","visible_if":"zenarioAW.togglePressed()","ord":38,"value":"\/var\/www\/clients\/zenario_demo\/backup","readonly":true},"backup_dir_status":{"grouping":"sub_table","full_width":"1","snippet":{"html":"The directory <code>backup<\/code> exists and is writable."},"visible_if":"zenarioAW.togglePressed()","ord":39,"row_class":"sub_valid"},"dir_2":{"grouping":"sub_table","full_width":"1","row_class":"sub_section_valid","snippet":{"html":"Document Secure Store (Docstore)"},"visible_if":"zenarioAW.togglePressed(2)","ord":40},"show_dir_2":{"grouping":"sub_table","type":"toggle","redraw_onchange":"1","same_row":"1","visible_if":"zenarioAW.togglePressed(2, tuixObject)","ord":41},"dir_2_blurb":{"grouping":"sub_table","full_width":"1","row_class":"sub_field","snippet":{"html":"You should create a directory on your server where Documents can be stored by the CMS.\nPlease enter the absolute path to the directory.\nIt should start with a slash, but do not add a trailing slash."},"visible_if":"zenarioAW.togglePressed()","ord":42},"docstore_dir":{"grouping":"sub_table","full_width":"1","row_class":"sub_field","type":"text","visible_if":"zenarioAW.togglePressed()","ord":43,"value":"\/var\/www\/clients\/zenario_demo\/docstore_staging","readonly":true},"docstore_dir_status":{"grouping":"sub_table","full_width":"1","row_class":"sub_valid","snippet":{"html":"The 
directory <code>docstore_staging<\/code> exists and is writable."},"visible_if":"zenarioAW.togglePressed()","ord":44},"dir_3":{"grouping":"sub_table","full_width":"1","row_class":"sub_section_valid","snippet":{"html":"Templates Directory"},"visible_if":"zenarioAW.togglePressed(2)","ord":45},"show_dir_3":{"grouping":"sub_table","type":"toggle","redraw_onchange":"1","same_row":"1","visible_if":"zenarioAW.togglePressed(2, tuixObject)","ord":46},"dir_3_blurb":{"grouping":"sub_table","full_width":"1","row_class":"sub_field","snippet":{"html":"Zenario uses template files to form the layout of web pages.\nThese may be edited by an administrator, and Zenario writes them to the following directory.\nPlease ensure it exists and is writable by the web server:"},"visible_if":"zenarioAW.togglePressed()","ord":47},"template_dir":{"grouping":"sub_table","full_width":"1","row_class":"sub_field","type":"text","readonly":"readonly","visible_if":"zenarioAW.togglePressed()","ord":48,"value":"\/var\/www\/clients\/zenario_demo\/public_html_live\/zenario_custom\/templates\/grid_templates"},"template_dir_status":{"grouping":"sub_table","full_width":"1","row_class":"sub_valid","snippet":{"html":"The directory <code>grid_templates<\/code> exists and is writable."},"visible_if":"zenarioAW.togglePressed()","ord":49},"dir_4":{"grouping":"sub_table","full_width":"1","row_class":"sub_section_valid","snippet":{"html":"CSS Directories"},"visible_if":"zenarioAW.togglePressed(2)","ord":50,"hidden":false},"show_dir_4":{"grouping":"sub_table","type":"toggle","redraw_onchange":"1","same_row":"1","visible_if":"zenarioAW.togglePressed(2, tuixObject)","ord":51,"hidden":false},"dir_4_blurb":{"grouping":"sub_table","full_width":"1","row_class":"sub_field","snippet":{"html":"CSS for plugins may be edited by an administrator, and Zenario writes CSS files to the following directory. 
Please ensure it exists and is writable by the web server:"},"visible_if":"zenarioAW.togglePressed()","ord":52,"hidden":false},"skin_dir_1":{"grouping":"sub_table","full_width":"1","row_class":"sub_field","type":"text","readonly":"readonly","visible_if":"zenarioAW.togglePressed()","ord":53,"value":"\/var\/www\/clients\/zenario_demo\/public_html_live\/zenario_custom\/templates\/grid_templates\/skins\/deep_dive\/editable_css\/","current_value":"\/var\/www\/clients\/zenario_demo\/public_html_live\/zenario_custom\/templates\/grid_templates\/skins\/deep_dive\/editable_css\/","hidden":false},"skin_dir_status_1":{"grouping":"sub_table","full_width":"1","row_class":"sub_valid","snippet":{"html":"The directory <code>editable_css<\/code> exists and is writable."},"visible_if":"zenarioAW.togglePressed()","ord":54,"hidden":false},"skin_dir_2":{"grouping":"sub_table","full_width":"1","row_class":"sub_field","type":"text","readonly":"readonly","visible_if":"zenarioAW.togglePressed()","ord":55,"value":"","hidden":true},"skin_dir_status_2":{"grouping":"sub_table","full_width":"1","row_class":"sub_field","snippet":{"html":"&nbsp;"},"visible_if":"zenarioAW.togglePressed()","ord":56,"hidden":true},"skin_dir_3":{"grouping":"sub_table","full_width":"1","row_class":"sub_field","type":"text","readonly":"readonly","visible_if":"zenarioAW.togglePressed()","ord":57,"value":"","hidden":true},"skin_dir_status_3":{"grouping":"sub_table","full_width":"1","row_class":"sub_field","snippet":{"html":"&nbsp;"},"visible_if":"zenarioAW.togglePressed()","ord":58,"hidden":true},"skin_dir_4":{"grouping":"sub_table","full_width":"1","row_class":"sub_field","type":"text","readonly":"readonly","visible_if":"zenarioAW.togglePressed()","ord":59,"value":"","hidden":true},"skin_dir_status_4":{"grouping":"sub_table","full_width":"1","row_class":"sub_field","snippet":{"html":"&nbsp;"},"visible_if":"zenarioAW.togglePressed()","ord":60,"hidden":true},"skin_dir_5":{"grouping":"sub_table","full_width":"1","row_class":
"sub_field","type":"text","readonly":"readonly","visible_if":"zenarioAW.togglePressed()","ord":61,"value":"","hidden":true},"skin_dir_status_5":{"grouping":"sub_table","full_width":"1","row_class":"sub_field","snippet":{"html":"&nbsp;"},"visible_if":"zenarioAW.togglePressed()","ord":62,"hidden":true},"skin_dir_6":{"grouping":"sub_table","full_width":"1","row_class":"sub_field","type":"text","readonly":"readonly","visible_if":"zenarioAW.togglePressed()","ord":63,"value":"","hidden":true},"skin_dir_status_6":{"grouping":"sub_table","full_width":"1","row_class":"sub_field","snippet":{"html":"&nbsp;"},"visible_if":"zenarioAW.togglePressed()","ord":64,"hidden":true},"skin_dir_7":{"grouping":"sub_table","full_width":"1","row_class":"sub_field","type":"text","readonly":"readonly","visible_if":"zenarioAW.togglePressed()","ord":65,"value":"","hidden":true},"skin_dir_status_7":{"grouping":"sub_table","full_width":"1","row_class":"sub_field","snippet":{"html":"&nbsp;"},"visible_if":"zenarioAW.togglePressed()","ord":66,"hidden":true},"skin_dir_8":{"grouping":"sub_table","full_width":"1","row_class":"sub_field","type":"text","readonly":"readonly","visible_if":"zenarioAW.togglePressed()","ord":67,"value":"","hidden":true},"skin_dir_status_8":{"grouping":"sub_table","full_width":"1","row_class":"sub_field","snippet":{"html":"&nbsp;"},"visible_if":"zenarioAW.togglePressed()","ord":68,"hidden":true},"skin_dir_9":{"grouping":"sub_table","full_width":"1","row_class":"sub_field","type":"text","readonly":"readonly","visible_if":"zenarioAW.togglePressed()","ord":69,"value":"","hidden":true},"skin_dir_status_9":{"grouping":"sub_table","full_width":"1","row_class":"sub_field","snippet":{"html":"&nbsp;"},"visible_if":"zenarioAW.togglePressed()","ord":70,"hidden":true},"dir_5":{"grouping":"sub_table","full_width":"1","row_class":"sub_section_valid","snippet":{"html":"Cache 
Directory"},"visible_if":"zenarioAW.togglePressed(2)","ord":71},"show_dir_5":{"grouping":"sub_table","type":"toggle","redraw_onchange":"1","same_row":"1","visible_if":"zenarioAW.togglePressed(2, tuixObject)","ord":72},"dir_5_blurb":{"grouping":"sub_table","full_width":"1","row_class":"sub_field","snippet":{"html":"Zenario can store generated files in a cache directory to speed up performance and reduce load on the database.\nPlease ensure it exists and is writable by the web server:"},"visible_if":"zenarioAW.togglePressed()","ord":73},"cache_dir":{"grouping":"sub_table","full_width":"1","row_class":"sub_field","type":"text","readonly":"readonly","visible_if":"zenarioAW.togglePressed()","ord":74,"value":"\/var\/www\/clients\/zenario_demo\/public_html_live\/cache"},"cache_dir_status":{"grouping":"sub_table","full_width":"1","row_class":"sub_valid","snippet":{"html":"The &quot;cache&quot; directory exists and is writable."},"visible_if":"zenarioAW.togglePressed()","ord":75},"dir_6":{"grouping":"sub_table","full_width":"1","row_class":"sub_section_valid","snippet":{"html":"Private Directory"},"visible_if":"zenarioAW.togglePressed(2)","ord":76},"show_dir_6":{"grouping":"sub_table","type":"toggle","redraw_onchange":"1","same_row":"1","visible_if":"zenarioAW.togglePressed(2, tuixObject)","ord":77},"dir_6_blurb":{"grouping":"sub_table","full_width":"1","row_class":"sub_field","snippet":{"html":"Zenario uses a cache directory to store documents and images temporarily\nwhile they are downloaded by users.\nPlease ensure it exists and is writable by the web server:"},"visible_if":"zenarioAW.togglePressed()","ord":78},"private_dir":{"grouping":"sub_table","full_width":"1","row_class":"sub_field","type":"text","readonly":"readonly","visible_if":"zenarioAW.togglePressed()","ord":79,"value":"\/var\/www\/clients\/zenario_demo\/public_html_live\/private"},"private_dir_status":{"grouping":"sub_table","full_width":"1","row_class":"sub_valid","snippet":{"html":"The &quot;private&quot; 
directory exists and is writable."},"visible_if":"zenarioAW.togglePressed()","ord":80},"dir_7":{"grouping":"sub_table","full_width":"1","row_class":"sub_section_valid","snippet":{"html":"Public Directory"},"visible_if":"zenarioAW.togglePressed(2)","ord":81},"show_dir_7":{"grouping":"sub_table","type":"toggle","redraw_onchange":"1","same_row":"1","visible_if":"zenarioAW.togglePressed(2, tuixObject)","ord":82},"dir_7_blurb":{"grouping":"sub_table","full_width":"1","row_class":"sub_field","snippet":{"html":"Zenario uses a directory to store documents that are publicly available.\nThis directory MUST be writable by the web server."},"visible_if":"zenarioAW.togglePressed()","ord":83},"public_dir":{"grouping":"sub_table","full_width":"1","row_class":"sub_field","type":"text","readonly":"readonly","visible_if":"zenarioAW.togglePressed()","ord":84,"value":"\/var\/www\/clients\/zenario_demo\/public_html_live\/public"},"public_dir_status":{"grouping":"sub_table","full_width":"1","row_class":"sub_valid","snippet":{"html":"The &quot;public&quot; directory exists and is writable."},"visible_if":"zenarioAW.togglePressed()","ord":85},"site":{"grouping":"sub_table","full_width":"1","snippet":{"html":"Site configuration"},"hide_on_install":"1","visible_if":"zenarioAW.togglePressed(1)","ord":86,"row_class":"section_warning"},"show_site":{"grouping":"sub_table","type":"toggle","redraw_onchange":"1","same_row":"1","hide_on_install":"1","visible_if":"zenarioAW.togglePressed(1, tuixObject)","ord":87,"pressed":true},"site_description_missing":{"grouping":"sub_table","full_width":"1","row_class":"sub_level","snippet":{"html":"This site's description file is missing.\nPlease create the <code>zenario_custom\/site_description.yaml<\/code> file,\ne.g. 
by copying or symlinking one of the files from the\n<code>zenario\/api\/sample_site_descriptions\/<\/code> directory."},"hide_on_install":"1","visible_if":"zenarioAW.togglePressed()","ord":88,"hidden":true},"site_disabled":{"grouping":"sub_table","full_width":"1","row_class":"valid","snippet":{"html":"Your site is enabled."},"hide_on_install":"1","visible_if":"zenarioAW.togglePressed()","ord":89},"site_special_pages_unpublished":{"grouping":"sub_table","full_width":"1","row_class":"valid","snippet":{"html":""},"hide_on_install":"1","visible_if":"zenarioAW.togglePressed()","ord":90,"hidden":true},"public_documents":{"grouping":"sub_table","full_width":"1","row_class":"valid","snippet":{"html":""},"hide_on_install":"1","visible_if":"zenarioAW.togglePressed()","ord":91,"hidden":true},"site_automated_backups":{"grouping":"sub_table","full_width":"1","row_class":"valid","snippet":{"html":"Automated backups are running."},"hide_on_install":"1","visible_if":"zenarioAW.togglePressed()","ord":92},"scheduled_task_manager":{"grouping":"sub_table","full_width":"1","row_class":"valid","snippet":{"html":""},"hide_on_install":"1","visible_if":"zenarioAW.togglePressed()","ord":93,"hidden":true},"spare_domains_without_primary_domain":{"grouping":"sub_table","full_width":"1","row_class":"sub_level","snippet":{"html":"Domain name redirects have been created for this site, but they will not function because no primary domain is defined.\nPlease go to\n<a href=\"organizer.php#zenario__administration\/panels\/site_settings\/\/domains~.site_settings~tprimary_domain~k{&quot;id&quot;%3A&quot;domains&quot;}\" target=\"_blank\">\n <em>Domains<\/em> in the site settings\n<\/a>\nto define a primary domain."},"hide_on_install":"1","visible_if":"zenarioAW.togglePressed()","ord":94,"hidden":true},"forwarded_ip_misconfigured":{"grouping":"sub_table","full_width":"1","row_class":"sub_level","snippet":{"html":"The <code>USE_FORWARDED_IP<\/code> constant is enabled\nin your 
<code>zenario_siteconfig.php<\/code> file,\nbut you are not using a load balancer or a proxy,\nor your load balancer or proxy is misconfigured."},"visible_if":"zenarioAW.togglePressed()","ord":95,"hidden":true},"errors_not_shown":{"grouping":"sub_table","full_width":"1","row_class":"warning","snippet":{"html":"Your site is in development mode,\nbut if you're developing modules you would not be able to see PHP errors and notices.\n(The <code>ERROR_REPORTING_LEVEL<\/code>\nshould be set to <code>(E_ALL | E_NOTICE | E_STRICT)<\/code>\nin your <code>zenario_siteconfig.php<\/code> file - or\nclick the hammer icon at the bottom left of Organizer\nto fully enable the site.)"},"hide_on_install":"1","visible_if":"zenarioAW.togglePressed()","ord":96,"hidden":false},"notices_shown":{"grouping":"sub_table","full_width":"1","row_class":"sub_level","snippet":{"html":"Your site is in production mode, but you are showing PHP notices.\n<br\/>\n(The <code>ERROR_REPORTING_LEVEL<\/code>\nshould be set to <code>(E_ALL & ~E_NOTICE & ~E_STRICT)<\/code>\nin your <code>zenario_siteconfig.php<\/code> 
file.)"},"hide_on_install":"1","visible_if":"zenarioAW.togglePressed()","ord":97,"hidden":true},"email_addresses_overridden":{"grouping":"sub_table","full_width":"1","row_class":"sub_level","snippet":{"html":""},"hide_on_install":"1","visible_if":"zenarioAW.togglePressed()","ord":98,"hidden":true},"missing_modules":{"grouping":"sub_table","full_width":"1","row_class":"sub_level","snippet":{"html":""},"hide_on_install":"1","visible_if":"zenarioAW.togglePressed()","ord":99,"hidden":true},"bad_extra_module_symlinks":{"grouping":"sub_table","full_width":"1","row_class":"sub_level","snippet":{"html":""},"hide_on_install":"1","visible_if":"zenarioAW.togglePressed()","ord":100,"hidden":true},"module_errors":{"grouping":"sub_table","full_width":"1","row_class":"sub_level","snippet":{"html":""},"hide_on_install":"1","visible_if":"zenarioAW.togglePressed()","ord":101,"hidden":true},"no_ssl_for_login":{"grouping":"sub_table","full_width":"1","row_class":"warning","snippet":{"html":"This site has a login for extranet users,\nbut doesn't use HTTPS to secure the transmission of passwords and other personal data.\nWe recommend you ask your system administrator to make this site run using HTTPS."},"hide_on_install":"1","visible_if":"zenarioAW.togglePressed()","ord":102,"hidden":false},"two_factor_security":{"grouping":"sub_table","full_width":"1","row_class":"warning","snippet":{"html":"This site contains user-related data,\nbut you are not protecting your admin-login with two-factor authentication.\nPlease edit the <code>zenario_custom\/site_description.yaml<\/code> file\nto enable two-factor authentication."},"hide_on_install":"1","visible_if":"zenarioAW.togglePressed()","ord":103,"hidden":false},"robots_txt":{"grouping":"sub_table","full_width":"1","row_class":"sub_level","snippet":{"html":""},"hide_on_install":"1","visible_if":"zenarioAW.togglePressed()","ord":104,"hidden":true},"content":{"grouping":"sub_table","full_width":"1","snippet":{"html":"Site 
content"},"hide_on_install":"1","visible_if":"zenarioAW.togglePressed(1)","ord":105,"row_class":"section_warning"},"show_content":{"grouping":"sub_table","type":"toggle","redraw_onchange":"1","same_row":"1","hide_on_install":"1","visible_if":"zenarioAW.togglePressed(1, tuixObject)","ord":106,"pressed":true},"content_nothing_unpublished":{"grouping":"sub_table","full_width":"1","row_class":"valid","snippet":{"html":"You have no unpublished content items."},"hide_on_install":"1","visible_if":"zenarioAW.togglePressed()","ord":107,"hidden":true},"content_unpublished_1":{"grouping":"sub_table","full_width":"1","row_class":"warning","snippet":{"html":"<a target=\"blank\" href=\"http:\/\/demo.zenar.io\/news-list\"><span class=\"organizer_item_image content_draft\"><\/span>html_44\/news-list<\/a> is in draft mode."},"hide_on_install":"1","visible_if":"zenarioAW.togglePressed()","ord":108,"hidden":false},"content_unpublished_2":{"grouping":"sub_table","full_width":"1","row_class":"warning","snippet":{"html":"<a target=\"blank\" href=\"http:\/\/demo.zenar.io\/gallery\"><span class=\"organizer_item_image content_draft\"><\/span>html_43\/gallery<\/a> is in draft mode."},"hide_on_install":"1","visible_if":"zenarioAW.togglePressed()","ord":109,"hidden":false},"content_unpublished_3":{"grouping":"sub_table","full_width":"1","row_class":"warning","snippet":{"html":"<a target=\"blank\" href=\"http:\/\/demo.zenar.io\/news\/news-1\"><span class=\"organizer_item_image content_draft\"><\/span>news_5\/news-1<\/a> is in draft mode."},"hide_on_install":"1","visible_if":"zenarioAW.togglePressed()","ord":110,"hidden":false},"content_unpublished_4":{"grouping":"sub_table","full_width":"1","row_class":"warning","snippet":{"html":"<a target=\"blank\" href=\"http:\/\/demo.zenar.io\/news\/news-2\"><span class=\"organizer_item_image content_draft\"><\/span>news_6\/news-2<\/a> is in draft 
mode."},"hide_on_install":"1","visible_if":"zenarioAW.togglePressed()","ord":111,"hidden":false},"content_unpublished_5":{"grouping":"sub_table","full_width":"1","row_class":"warning","snippet":{"html":"<a target=\"blank\" href=\"http:\/\/demo.zenar.io\/home-staging\"><span class=\"organizer_item_image content_draft\"><\/span>html_41\/home-staging<\/a> is in draft mode."},"hide_on_install":"1","visible_if":"zenarioAW.togglePressed()","ord":112,"hidden":false},"content_more_unpublished":{"grouping":"sub_table","full_width":"1","row_class":"warning","snippet":{"html":"3 other pages are in draft mode. <a target=\"blank\" href=\"organizer.php#zenario__content\/panels\/content\/refiners\/work_in_progress\/\/\/\/\">View...<\/a>"},"hide_on_install":"1","visible_if":"zenarioAW.togglePressed()","ord":113,"hidden":false},"continue":{"value":"Continue","type":"submit","full_width":"1","style":"float: right;","ord":114},"check_again":{"value":"Check again","type":"submit","same_row":"1","style":"float: right;","ord":115,"hidden":false},"skin_dir_status_0":{"hidden":false},"skin_dir_0":{"hidden":false}},"ord":1,"errors":[]}],"path":"diagnostics","_task":false}

Impact of this vulnerability: possible sensitive information disclosure. The sample response above contains no username or password value; what it does expose is the Apache, PHP and MySQL client versions, the absolute server paths of the backup, docstore, template, CSS, cache, private and public directories, the site's own warnings that it does not use HTTPS for its extranet login and has no two-factor authentication on the admin login, and the list of pages still in draft mode.

How to fix this vulnerability: remove this file from your website, or change its permissions so that it can no longer be accessed.

# Want to follow my activity? https://www.linkedin.com/in/ismailtasdelen https://github.com/ismailtasdelen https://twitter.com/ismailtsdln

