CVE-2008-3579

Name of the Vulnerable Software and Affected Versions Calacode @Mail version 5.41

Description The issue allows remote attackers to obtain sensitive information by creating and downloading a backup archive of the entire @Mail directory tree, as no administrative authentication is required for build-plesk-upgrade.php. This can potentially be leveraged for remote exploitation.

Recommendations For Calacode @Mail version 5.41, consider restricting access to the build-plesk-upgrade.php script to require administrative authentication, as a temporary workaround to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.