Squirrelmail : Security Vulnerabilities, CVEs, Published In 2002 CVSS score >= 7
The spell checker plugin (check_me.mod.php) for SquirrelMail before 1.2.3 allows remote attackers to execute arbitrary commands via a modified sqspell_command parameter.
Max CVSS
7.5
EPSS Score
1.46%
Published
2002-12-31
Updated
2017-07-11
Cross-site request forgery (CSRF) vulnerability in compose.php in SquirrelMail before 1.2.3 allows remote attackers to send email as other users via an IMG URL with modified send_to and subject parameters.
Max CVSS
7.5
EPSS Score
2.01%
Published
2002-12-31
Updated
2017-07-11
Cross-site scripting vulnerabilities in SquirrelMail 1.2.7 and earlier allows remote attackers to execute script as other web users via (1) addressbook.php, (2) options.php, (3) search.php, or (4) help.php.
Max CVSS
7.5
EPSS Score
4.77%
Published
2002-10-04
Updated
2008-09-05
SquirrelMail 1.2.5 and earlier allows authenticated SquirrelMail users to execute arbitrary commands by modifying the THEME variable in a cookie.
Max CVSS
10.0
EPSS Score
2.62%
Published
2002-08-12
Updated
2008-09-05
4 vulnerabilities found