Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Browse files
Browse the repository at this point in the history
Install: disable step 4 (additional config info)
This fixes a security issue allowing an attacker to access the installation script and obtain database access credentials. Since the offending install step does not seem to be doing anything useful, the corresponding code block has been commented out. This vulnerability (CVE-2014-9571) was reported by High-Tech Bridge Security Research Lab (https://www.htbridge.com/) in issue #17937 (advisory ID HTB23243). Fixes #17939
- Loading branch information