VisNetic WebMail 5.8.6 .6 - Information Disclosure

EDB-ID:

22826

CVE:


Author:

posidron

Type:

webapps

Platform:

PHP

Published:

2003-06-23

source: http://www.securityfocus.com/bid/8018/info

VisNetic WebMail is prone to an information disclosure vulnerability. Reportedly, by appending a dot '.' character to the end of a URI request to WebMail, the source code of PHP files may be returned in the web browser.

http://webmailhost:32000/mail/admin/../include.html.
http://webmailhost:32000/mail/admin/../settings.html.