CVE-2008-3060

Name of the Vulnerable Software and Affected Versions: V-webmail version 1.5.0

Description: The issue allows remote attackers to obtain sensitive information. This can be achieved through malformed input in the login page, which includes the local.hooks.php file, or by using an invalid session ID. The latter reveals the installation path in an error message.

Recommendations: For V-webmail version 1.5.0, consider validating and sanitizing all user input to prevent malformed data from being processed, and implement proper error handling to avoid revealing sensitive information such as the installation path. Additionally, restrict access to error messages that could disclose sensitive details.