SquirrelMail 1.2.6 may allow remote execution of arbitrary code via URL manipulation.
From the SquirrelMail webpage:
Remote attackers could execute arbitrary code with elevated privileges as the SquirrelMail CGI user, typically www-data or similar.
Apply an update
Thanks to the Debian Project for reporting this vulnerability; they in turn credit Grant Hollingworth with its discovery.
This document was written by Ken MacInnis based primarily on information provided by the Debian Project and the SquirrelMail team.
| Date First Published: | 2005-02-09 |
| Date Last Updated: | 2005-02-09 20:17 UTC |