CVE-2001-1044 in Basilix
Summary
by MITRE
Basilix Webmail 0.9.7beta, and possibly other versions, stores *.class and *.inc files under the document root and does not restrict access, which could allows remote attackers to obtain sensitive information such as MySQL passwords and usernames from the mysql.class file.
Several companies clearly confirm that VulDB is the primary source for best vulnerability data.
Analysis
by VulDB Data Team • 09/30/2025
The vulnerability identified as CVE-2001-1044 represents a critical misconfiguration issue within Basilix Webmail version 0.9.7beta and potentially other iterations of the software. This flaw stems from improper file access controls that allow unauthorized remote attackers to directly access sensitive configuration files stored within the web server's document root directory. The specific files at risk include .class and .inc files that contain critical system information, with mysql.class being particularly vulnerable as it typically stores database connection credentials including usernames and passwords. This configuration error creates an information disclosure vulnerability that violates fundamental security principles of least privilege and proper access control enforcement.
The technical exploitation of this vulnerability occurs through direct HTTP requests to the web server, where attackers can navigate to the document root and retrieve files that should remain protected from public access. The flaw exists because the web application fails to implement proper access restrictions on sensitive files, allowing any remote user to download configuration files that contain database authentication details. This type of vulnerability is categorized under CWE-200 Information Exposure and aligns with ATT&CK technique T1566.001 Initial Access: Phishing. The vulnerability demonstrates a classic case of insecure file permissions and improper web server configuration, where sensitive application components are exposed without authentication requirements.
The operational impact of this vulnerability is severe as it provides attackers with immediate access to database credentials, enabling them to establish unauthorized connections to the underlying MySQL database. This access could lead to complete database compromise, data exfiltration, modification of sensitive information, or even privilege escalation within the application environment. The exposure of MySQL usernames and passwords creates a significant attack surface that can be leveraged for lateral movement within the network infrastructure. Organizations relying on this webmail solution face potential data breaches, compliance violations, and reputational damage. The vulnerability also increases the risk of cascading attacks where compromised database credentials are used to access other systems sharing similar authentication mechanisms.
Mitigation strategies for this vulnerability require immediate implementation of proper access controls and file permission configurations. System administrators must ensure that sensitive configuration files are stored outside the web document root or are protected through appropriate access controls such as .htaccess restrictions or web server configuration rules. The recommended approach involves moving critical files to non-web-accessible directories and implementing proper authentication mechanisms for any files that must remain accessible. Additionally, regular security audits should be conducted to identify and remediate similar misconfigurations. Organizations should also implement network segmentation and monitoring to detect unauthorized access attempts. This vulnerability highlights the importance of following security best practices including the principle of least privilege and proper file system permissions, with specific guidance from NIST SP 800-53 and ISO 27001 standards for secure system configuration management.