Squirrelmail : Security Vulnerabilities, CVEs, Published In 2002 CVSS score >= 7

CVE-2002-1650

The spell checker plugin (check_me.mod.php) for SquirrelMail before 1.2.3 allows remote attackers to execute arbitrary commands via a modified sqspell_command parameter.
Max CVSS
7.5
EPSS Score
1.46%
Published
2002-12-31
Updated
2017-07-11

CVE-2002-1648

Cross-site request forgery (CSRF) vulnerability in compose.php in SquirrelMail before 1.2.3 allows remote attackers to send email as other users via an IMG URL with modified send_to and subject parameters.
Max CVSS
7.5
EPSS Score
2.01%
Published
2002-12-31
Updated
2017-07-11

CVE-2002-1131

Cross-site scripting vulnerabilities in SquirrelMail 1.2.7 and earlier allows remote attackers to execute script as other web users via (1) addressbook.php, (2) options.php, (3) search.php, or (4) help.php.
Max CVSS
7.5
EPSS Score
4.77%
Published
2002-10-04
Updated
2008-09-05

CVE-2002-0516

SquirrelMail 1.2.5 and earlier allows authenticated SquirrelMail users to execute arbitrary commands by modifying the THEME variable in a cookie.
Max CVSS
10.0
EPSS Score
2.62%
Published
2002-08-12
Updated
2008-09-05
4 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!
Accept Close