Sensitive Information Disclosure in PostACI Webmail System
CVE-2000-1100 · HIGH Severity
AV:N/AC:L/AU:N/C:P/I:P/A:P
The default configuration for PostACI webmail system installs the /includes/global.inc configuration file within the web root, which allows remote attackers to read sensitive information such as database usernames and passwords via a direct HTTP GET request.
Learn more about our Web App Pen Testing.