class.vfs_dav.inc.php in phpGroupWare 0.9.16.000 does not create .htaccess files to enable authorization checks for access to users home-directory files, which allows remote attackers to obtain sensitive information from these files.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Phpgroupware | Phpgroupware | 0.9.16.000 (including) | 0.9.16.000 (including) |