PT-2001-2190 · Basilix · Basilix Webmail

Published

2001-01-11

Updated

2017-12-19

CVE-2001-1044

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Basilix Webmail version 0.9.7beta

Description The issue allows remote attackers to obtain sensitive information, such as MySQL passwords and usernames, from the mysql.class file because the software stores *.class and *.inc files under the document root without restricting access.

Recommendations For version 0.9.7beta, restrict access to the *.class and *.inc files, especially the mysql.class file, to prevent remote attackers from obtaining sensitive information. Consider moving these files outside of the document root or implementing proper access controls.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2001-1044

Affected Products

Basilix Webmail

PT-2001-2190 · Basilix · Basilix Webmail

CVE-2001-1044

Related Identifiers

Affected Products

References · 5