CVE-2009-3199

Name of the Vulnerable Software and Affected Versions Uebimiau Webmail version 3.2.0-2.0

Description The issue allows remote attackers to download a database containing usernames and password hashes by making a direct request for the "system admin/admin.ucf" file. This is possible due to insufficient access control over sensitive information stored under the web root.

Recommendations For Uebimiau Webmail version 3.2.0-2.0, consider restricting access to the "system admin/admin.ucf" file to prevent unauthorized downloads of the database. Additionally, review and improve access controls over sensitive information stored under the web root to prevent similar issues.