Information Disclosure Vulnerability in Horde IMP 2.2.7
CVE-2002-2024 · MEDIUM Severity
AV:N/AC:L/AU:N/C:P/I:N/A:N
Horde IMP 2.2.7 allows remote attackers to obtain the full web root pathname via an HTTP request for (1) poppassd.php3, (2) login.php3?reason=chpass2, (3) spelling.php3, and (4) ldap.search.php3?ldap_serv=nonsense which leaks the information in error messages.
Learn more about our Web App Pen Testing.