CVE-2000-1100

PostACI Webmail - Information Disclosure via Direct HTTP GET Request

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2000-1100. PoCs published by Michael R. Rudel.

AI-analyzed exploit summary This is a writeup describing an information disclosure vulnerability in Postaci Webmail where the database credentials are stored in a world-readable file accessible via a web browser. The exploit involves retrieving the global.inc file to gain unauthorized database access.

Description

The default configuration for PostACI webmail system installs the /includes/global.inc configuration file within the web root, which allows remote attackers to read sensitive information such as database usernames and passwords via a direct HTTP GET request.

Exploits (1)

exploitdb WRITEUP VERIFIED
by Michael R. Rudel · textremotemultiple
https://www.exploit-db.com/exploits/20450

This is a writeup describing an information disclosure vulnerability in Postaci Webmail where the database credentials are stored in a world-readable file accessible via a web browser. The exploit involves retrieving the global.inc file to gain unauthorized database access.

Classification
Writeup 90%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: Postaci Webmail (default configuration)
No auth needed
Prerequisites: Target running Postaci Webmail with default configuration · Access to the web server hosting the application
mistral-large-3 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2
Core References
Patch, Vendor Advisory mailing-list x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2000-11/0433.html
Exploit, Patch, Vendor Advisory vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/2029

Scores

EPSS 0.0571
EPSS Percentile 92.1%

Details

Status published
Products (1)
trlinux/postaci_webmail 1.1.3
Published Jan 09, 2001
Tracked Since Feb 18, 2026