exploitDog

CVE-2001-1044

Опубликовано: 11 янв. 2001

Источник: nvd

CVSS2: 7.5

EPSS Низкий

Описание

Basilix Webmail 0.9.7beta, and possibly other versions, stores *.class and *.inc files under the document root and does not restrict access, which could allows remote attackers to obtain sensitive information such as MySQL passwords and usernames from the mysql.class file.

Ссылки

http://www.securityfocus.com/archive/1/155897
Exploit
Patch
Vendor Advisory
http://www.securityfocus.com/bid/2198
Exploit
Patch
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/5934
http://www.securityfocus.com/archive/1/155897
Exploit
Patch
Vendor Advisory
http://www.securityfocus.com/bid/2198
Exploit
Patch
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/5934

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:basilix:basilix_webmail:0.9.7_beta:*:*:*:*:*:*:*

EPSS

Процентиль: 92%

0.07909

Низкий

7.5 High

CVSS2

Дефекты

NVD-CWE-Other

Связанные уязвимости

GHSA-43r6-r8w4-qp6c

github

больше 3 лет назад

Basilix Webmail 0.9.7beta, and possibly other versions, stores *.class and *.inc files under the document root and does not restrict access, which could allows remote attackers to obtain sensitive information such as MySQL passwords and usernames from the mysql.class file.

EPSS

Процентиль: 92%

0.07909

Низкий

7.5 High

CVSS2

Дефекты

NVD-CWE-Other