Ensure sensitive information like database credentials are not stored in plain text within web-accessible scripts, even if disclosure vulnerabilities are present.
The server misinterprets the null byte ( \0 ), ignores the .php execution handler, and treats the file as a plain text file, sending the sensitive source code directly to the user. How to Use the Nmap Script nmap http-litespeed-source code-download
The vulnerability exists in LiteSpeed Web Server version 4.0.14 and earlier. It is categorized as a or source code disclosure flaw. ignores the .php execution handler
