Insertion of Sensitive Information into Log File (CWE-532) | High | PRO
Exposed .env File Leading to Full Email Account Takeover
An exposed .env file on the company’s website publicly revealed sensitive credentials, including SMTP, database, AWS, and Stripe keys. This allowed full access to the admin email account and potential misuse of customer orders, voucher codes, and financial data.
Mar 17, 2026
CVSS 8.2
€940