U.N.U. Mailgust 1.9 allows remote attackers to obtain sensitive information via a direct request to index.php with method=showfullcsv, which reveals the POP3 server configuration, including account name and password.Referenceshttp://nsag.ru/vuln/890.htmlhttp://secunia.com/advisories/18998https://exchange.xforce.ibmcloud.com/vulnerabilities/24890
