Basilix Webmail 0.9.7beta, and possibly other versions, stores *.class and *.inc files under the document root and does not restrict access, which could allows remote malicious users to obtain sensitive information such as MySQL passwords and usernames from the mysql.class file.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
basilix basilix webmail 0.9.7_beta |