2007-07-03 18:00:00
mitre
PUBLISHED
PHPDirector 0.21 and earlier stores the admin account name and password in config.php, which allows local users to gain privileges by reading this file.