A vulnerability has been reported in W3Mail that may result in the disclosure of user email attachments. When attachments are uploaded, they are stored in a directory within the webroot. There is no default index file created. If the webserver is configured to output the index of directories, remote clients may view and retrieve attachment files without authorization. Reportedly, versions of W3Mail prior to 1.0.3 do not properly delete these files when the webmail user logs off, widening the window of opportunity for an attacker.
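A local audit for the three conditions described above (attachment directory under the webroot, no index file in it, files that outlive the session), given as an added example that is not W3Mail code. The paths, the list of index file names and the 30-minute threshold are assumptions to adjust for the actual installation.

```python
import os
import tempfile
import time

# Assumption: file names the web server would serve instead of a directory listing.
INDEX_NAMES = {"index.html", "index.htm", "index.php", "index.cgi"}


def audit_attachment_dir(webroot, attach_dir, max_age_seconds, now=None):
    """Return sorted findings for an attachment directory on the local host."""
    now = time.time() if now is None else now
    root = os.path.realpath(webroot)
    target = os.path.realpath(attach_dir)
    findings = []

    # Condition 1: the directory is reachable through the web server's document tree.
    inside = os.path.commonpath([root, target]) == root
    if inside:
        findings.append("inside-webroot")

    entries = list(os.scandir(target))
    names = {e.name.lower() for e in entries}

    # Condition 2: nothing stops the server from generating a listing if indexing is on.
    if inside and not (names & INDEX_NAMES):
        findings.append("no-index-file")

    # Condition 3: attachments older than a plausible session were not cleaned up.
    for e in entries:
        if e.name.lower() in INDEX_NAMES or not e.is_file(follow_symlinks=False):
            continue
        if now - e.stat(follow_symlinks=False).st_mtime > max_age_seconds:
            findings.append("stale:" + e.name)
    return sorted(findings)


if __name__ == "__main__":
    # Constructed sample tree; "htdocs/attach" is a hypothetical layout.
    with tempfile.TemporaryDirectory() as base:
        attach = os.path.join(base, "htdocs", "attach")
        os.makedirs(attach)
        leftover = os.path.join(attach, "report.pdf")
        open(leftover, "w").close()
        two_hours_ago = time.time() - 7200
        os.utime(leftover, (two_hours_ago, two_hours_ago))
        for finding in audit_attachment_dir(os.path.join(base, "htdocs"), attach, 1800):
            print(finding)
```

An index file only suppresses the generated listing; a leftover attachment remains retrievable by anyone who knows or guesses its name, so the `stale:` findings matter even when `no-index-file` is absent.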