Basilix Webmail 0.9.7beta, and possibly other versions, stores *.class and *.inc files under the document root and does not restrict access, which could allows remote attackers to obtain sensitive information such as MySQL passwords and usernames from the mysql.class file.
References
Link | Resource |
---|---|
http://www.securityfocus.com/archive/1/155897 | Exploit Patch Vendor Advisory |
http://www.securityfocus.com/bid/2198 | Exploit Patch Vendor Advisory |
https://exchange.xforce.ibmcloud.com/vulnerabilities/5934 |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2002-02-02T05:00:00
Updated: 2017-12-18T21:57:01
Reserved: 2002-01-31T00:00:00
Link: CVE-2001-1044
JSON object: View
NVD Information
Status : Modified
Published: 2001-01-11T05:00:00.000
Modified: 2017-12-19T02:29:31.533
Link: CVE-2001-1044
JSON object: View
Redhat Information
No data.
CWE