Vendor:
Bagisto (https://bagisto.com/)
Affected version:
All
Introduction:
	Bagisto is an open source shop system based on PHP and Laravel framework
	Vulnerability description:
Bagisto can be installed in sub-directories below the document root exposing the Laravel .env file which includes database and e-mail server credentials.

Proof:
There have been observed installations in the wild exposing the .env file like https://klingbakeshop.com/public/ (https://klingbakeshop.com/public/)

Solution:
The "public" directory must be configured as document root of the web server
Sent with PrivateMail