CVE-2012-1920

Published: Mar 27, 2012Modified: Apr 29, 2026

5.0

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability: 10.0 / Impact: 2.9

Source: NVD

Description

@Mail WebMail Client in AtMail Open-Source 1.04 and earlier allows remote attackers to obtain configuration information via a direct request to install/info.php, which calls the phpinfo function.

Affected (1)

Products: Atmail: Atmail Open

Atmail

1 product

Atmail Open

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Atmail Atmail Open	Up to 1.04

Related CWEs

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (8)

http://en.securitylab.ru/lab/PT-2011-48

Source: cve@mitre.org

http://secunia.com/advisories/47012

Source: cve@mitre.org

http://www.kb.cert.org/vuls/id/743555

Source: cve@mitre.org

US Government Resource

https://exchange.xforce.ibmcloud.com/vulnerabilities/74282

Source: cve@mitre.org

http://en.securitylab.ru/lab/PT-2011-48

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/47012

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.kb.cert.org/vuls/id/743555

Source: af854a3a-2127-422b-91ae-364da2661108

US Government Resource

https://exchange.xforce.ibmcloud.com/vulnerabilities/74282

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.