CVE-2000-1100

The default configuration for PostACI webmail system installs the /includes/global.inc configuration file within the web root, which allows remote attackers to read sensitive information such as database usernames and passwords via a direct HTTP GET request.

Date published : 2000-12-19

http://www.securityfocus.com/bid/2029

http://archives.neohapsis.com/archives/bugtraq/2000-11/0433.html