CVE-2001-1044

Name of the Vulnerable Software and Affected Versions Basilix Webmail version 0.9.7beta

Description The issue allows remote attackers to obtain sensitive information, such as MySQL passwords and usernames, from the mysql.class file because the software stores *.class and *.inc files under the document root without restricting access.

Recommendations For version 0.9.7beta, restrict access to the *.class and *.inc files, especially the mysql.class file, to prevent remote attackers from obtaining sensitive information. Consider moving these files outside of the document root or implementing proper access controls.