SquirrelMail Options.PHP Web Root Path Disclosure Vulnerability

info
discussion
exploit
solution
references

SquirrelMail Options.PHP Web Root Path Disclosure Vulnerability

A problem with SquirrelMail could make it possible for an attacker to gain sensitive information.

Under some conditions, SquirrelMail may reveal sensitive configuration information. When a malformed input is provided as arugments to the 'options.php' script,an error page will be generated. The error page returned contains absolute pathname of the options.php script.