Bagisto Credential Disclosure ≈ Packet Storm – Digitalmunition


Published on September 2nd, 2020


Bagisto Credential Disclosure
Posted Sep 1, 2020
Authored by devsecweb

As of 2020/09/01, all versions of Bagisto appear to leak database and email server credentials in the document root.

tags | exploit, root, info disclosure
MD5 | 7fc061d5cf8581a756c5a61f9a15896f
Bagisto (
Affected version:
Bagisto is an open source shop system based on PHP and the Laravel framework.
Vulnerability description:
Bagisto can be installed in sub-directories below the document root, exposing the Laravel .env file, which includes database and e-mail server credentials.

There have been observed installations in the wild exposing the .env file like (

The "public" directory must be configured as the document root of the web server.
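
A local audit for the misconfiguration described above, as an added example that is not part of the original advisory or the Bagisto project: it walks a document root on the server's own filesystem and reports any .env file stored inside it, together with the "public" directory that should be the document root instead. The `artisan`/`public` heuristic for recognising a Laravel application root, the function names and the sample tree are assumptions made for illustration.

```python
import os
import tempfile
from pathlib import Path


def exposed_env_files(docroot):
    """List .env files stored inside the document root (run on the server itself).

    Files under the document root are candidates for static serving, so an
    application .env found here is reachable unless the server blocks it.
    """
    docroot = Path(docroot).resolve()
    findings = []
    for dirpath, _dirs, filenames in os.walk(docroot):
        if ".env" not in filenames:
            continue
        app_root = Path(dirpath)
        # Assumption: a Laravel application root holds "artisan" and "public/".
        is_laravel = (app_root / "artisan").is_file() and (app_root / "public").is_dir()
        findings.append({
            "env": str(app_root / ".env"),
            # Path under which the web server would map this file.
            "url_path": "/" + (app_root / ".env").relative_to(docroot).as_posix(),
            "laravel_root": is_laravel,
            # The advisory's fix: serve only the application's public directory.
            "suggested_docroot": str(app_root / "public") if is_laravel else None,
        })
    return findings


def build_sample(base, docroot_is_public):
    """Constructed layout: a Bagisto-like tree installed at <base>/htdocs/shop."""
    app = Path(base) / "htdocs" / "shop"
    (app / "public").mkdir(parents=True)
    (app / "artisan").write_text("#!/usr/bin/env php\n")
    (app / ".env").write_text("DB_PASSWORD=constructed-placeholder\n")
    (app / "public" / "index.php").write_text("<?php\n")
    return app / "public" if docroot_is_public else Path(base) / "htdocs"


if __name__ == "__main__":
    for fixed in (False, True):
        with tempfile.TemporaryDirectory() as base:
            docroot = build_sample(base, docroot_is_public=fixed)
            hits = exposed_env_files(docroot)
            print("docroot =", docroot.relative_to(base), "->", len(hits), "exposed .env")
            for hit in hits:
                print("  ", hit["url_path"], "-> move docroot to", hit["suggested_docroot"])
```

An empty result means no .env file sits under the configured document root; it does not cover other files in the application tree that a server might expose through aliases or symlinks.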