WEB-ERP 0.1.4 and earlier allows remote attackers to obtain sensitive information via an HTTP request for the logicworks.ini file, which contains the MySQL database username and password.Referenceshttps://exchange.xforce.ibmcloud.com/vulnerabilities/11443http://securityreason.com/securityalert/3257http://www.securityfocus.com/archive/1/313575http://www.securityfocus.com/bid/6996
