SquirrelMail 1.2.6 may allow remote execution of arbitrary code via URL manipulation.
From the SquirrelMail webpage:
Remote attackers could execute arbitrary code with elevated privileges as the SquirrelMail CGI user, typically www-data or similar.
Apply an update
Thanks to the Debian Project for reporting this vulnerability, who in turn credit Grant Hollingworth with its discovery.
|Date First Published:||2005-02-09|
|Date Last Updated:||2005-02-09 20:17 UTC|