Filesystem access equals root access
|Reported by:||geocar||Owned by:|
In addition to being able to login as root password=1234
I can also login using user root password=81dc9bdb52d04dc20036dbd8313ed055
This can have serious consequences if anyone can find a way to print out config/config.ini.php
There may be other situations where an attacker knows the MD5 hash (or other hash should you change digests) but not the password.