ProtonMail-run website boasting 'complete guide' to GDPR left credential-baring .git repo exposed online

Ooo, double irony!


An EU-sponsored GDPR advice website run by Proton Technologies had a vulnerability that let anyone clone it and extract a MySQL database username and password.


The vulnerability in question allowed the entire contents of the website's /.git/ repository to be cloned, as Pen Test Partners explained in a blog post about what it found on advice site GDPR.eu.
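A deploy-time check for the exposure described above, as an added example that is not from the article or from Pen Test Partners: it walks a local document root, reports version-control metadata directories the web server would serve, and lists files with credential-like lines. The directory layout, file names, sample values and the regex are constructed assumptions.

```python
import os
import re
import tempfile

VCS_DIRS = {".git", ".svn", ".hg"}
# Assumed heuristic for credential-like settings; tune for your own config formats.
SECRET_RE = re.compile(r"(?i)\b(db_?pass(word)?|password|secret)\b\s*[=:]\s*\S+")


def audit_docroot(docroot):
    """Return (vcs_dirs, secret_files): paths relative to docroot that should not be web-served."""
    vcs_dirs, secret_files = [], []
    for root, dirs, files in os.walk(docroot):
        for d in list(dirs):
            if d in VCS_DIRS:
                vcs_dirs.append(os.path.relpath(os.path.join(root, d), docroot))
                dirs.remove(d)  # do not descend into repository metadata
        for name in files:
            path = os.path.join(root, name)
            try:
                with open(path, encoding="utf-8", errors="ignore") as fh:
                    if any(SECRET_RE.search(line) for line in fh):
                        secret_files.append(os.path.relpath(path, docroot))
            except OSError:
                continue  # unreadable file: skip rather than abort the audit
    return sorted(vcs_dirs), sorted(secret_files)


def build_sample_docroot(base):
    """Create a constructed docroot that mirrors the mistake: repo metadata deployed with the site."""
    os.makedirs(os.path.join(base, ".git"))
    samples = {
        os.path.join(".git", "HEAD"): "ref: refs/heads/master\n",
        "index.html": "<h1>constructed sample page</h1>\n",
        "settings.ini": "db_user = example_user\ndb_password = constructed-not-real\n",
    }
    for rel, text in samples.items():
        with open(os.path.join(base, rel), "w", encoding="utf-8") as fh:
            fh.write(text)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_docroot(tmp)
        vcs_dirs, secret_files = audit_docroot(tmp)
        print("VCS metadata in docroot:", vcs_dirs)
        print("Credential-like files:", secret_files)
        raise SystemExit(1 if vcs_dirs else 0)  # non-zero exit fails a deploy pipeline
```

The scan covers only the deployed working tree; credentials committed earlier and later deleted still live in the repository history, so a hit on the metadata directory alone is reason to rotate them.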


"The irony of a EU-funded website about GDPR having security issues isn't lost on us," mused the security consultancy.


GDPR.eu is run by Proton Technologies AG, better known as the Swiss corporation behind email service ProtonMail, which prides itself on being leader of the pack for all things security and privacy. While not an official site as such, it bears a prominent header that reads: " ..
