CVE-2008-5606

Name of the Vulnerable Software and Affected Versions Gazatem QMail Mailing List Manager version 1.2

Description The issue allows remote attackers to download the database file due to insufficient access control. Sensitive information is stored under the web root, which can be accessed via a direct request for the database file.

Recommendations For Gazatem QMail Mailing List Manager version 1.2, consider restricting access to the qmail.mdb file to prevent unauthorized downloads until a proper fix is applied. As a temporary workaround, moving sensitive files outside of the web root or implementing proper access controls can help mitigate the risk.