BasiliX Attachment Disclosure Vulnerability

Summary
The remote web server contains a series of PHP scripts that are prone to information disclosure. Description : The remote host appears to be running a BasiliX version 1.1.0 or lower. Such versions save attachments by default under '/tmp/BasiliX', which is world-readable and apparently never emptied by BasiliX itself. As a result, anyone with shell access on the affected system or who can place CGI files on it can access attachments uploaded to BasiliX.
Solution
Upgrade to BasiliX version 1.1.1 or later.
References