Uebimiau Webmail v3.2.0-2.0 | Email Disclosure

vendor:

Webmail

by:

Z3r0c0re, R4vax

7,5

CVSS

HIGH

Email Disclosure

200

CWE

Product Name: Webmail

Affected Version From: 3.2.0-2.0

Affected Version To: 3.2.0-2.0

Patch Exists: NO

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: php

2010

Uebimiau Webmail v3.2.0-2.0 | Email Disclosure

Accessing the 'inc/database' directory of Uebimiau Webmail v3.2.0-2.0 allows an attacker to view the users' inboxes, sent emails, and any other folders the user may have.

Mitigation:

Restrict access to the 'inc/database' directory and ensure that only authorized users have access to it.

Source

Exploit-DB raw data:

# Exploit Title: Uebimiau Webmail v3.2.0-2.0 | Email Disclosure
# Date: 09 March 2010
# Author: Z3r0c0re, R4vax
# Software Link: http://www.uebimiau.org/download.php
# Version: 3.2.0-2.0
# Tested on: php
# Code :
*********************************************************
* Uebimiau Webmail Email Disclosure *
*********************************************************
* D0rk:	 *
* "Uebimiau Webmail v3.2.0-2.0"	 *
*********************************************************
* Vuln:	 *
* http://[host]/[path]/inc/database	 *
*********************************************************
* Desc:	 *
* accessing these directores lets you view the users- *
* inboxes and sent emails and any other folders the- *
* user may have.	 *
*********************************************************