class.vfs_dav.inc.php in phpGroupWare 0.9.16.000 does not create .htaccess files to enable authorization checks for access to users' home-directory files, which allows remote malicious users to obtain sensitive information from these files.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
phpgroupware phpgroupware 0.9.16.000 |