SquirrelMail Project Team Information for VU#153043

SquirrelMail compose.php script does not adequately validate input thereby allowing arbitrary user to send messages

Status

Affected

Vendor Statement

"SquirrelMail 1.2.4 is the release that fixed the problem."

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Vendor References

None

Addendum

Upgrade SquirrelMail to version 1.2.4 or later, available from

http://www.squirrelmail.org/download.php

If you have feedback, comments, or additional information about this vulnerability, please send us email.