SQLpage vulnerable to public exposure of database credentials
If you are using a SQLPage version older than v0.11.1 your SQLPage instance is exposed publicly the database connection string is specified in the sqlpage/sqlpage.json configuration file (not in an environment variable) the web_root is the current working directory (the default) your database is exposed publicly then an attacker could retrieve the database connection information from SQLPage and use it to connect to your database directly.