2025-05-29 12:33:27
rapid7
PUBLISHED
An authenticated user can disclose the cleartext password of a configured SMTP server via an HTTP GET request to the /config.php endpoint.