Squirrelmail : Security Vulnerabilities, CVEs, (File inclusion)
SquirrelMail 1.4.11 and 1.4.12, as distributed on sourceforge.net before 20071213, has been externally modified to create a Trojan Horse that introduces a PHP remote file inclusion vulnerability, which allows remote attackers to execute arbitrary code.
Max CVSS
6.8
EPSS Score
9.42%
Published
2007-12-14
Updated
2018-10-15
PHP local file inclusion vulnerability in gpg_pop_init.php in the G/PGP (GPG) Plugin before 20070707 for Squirrelmail allows remote attackers to include and execute arbitrary local files, related to the MOD parameter.
Max CVSS
4.3
EPSS Score
0.17%
Published
2007-07-15
Updated
2012-10-31
PHP remote file inclusion vulnerability in functions/plugin.php in SquirrelMail 1.4.6 and earlier, if register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary PHP code via a URL in the plugins array parameter. NOTE: this issue has been disputed by third parties, who state that Squirrelmail provides prominent warnings to the administrator when register_globals is enabled. Since the varieties of administrator negligence are uncountable, perhaps this type of issue should not be included in CVE. However, the original developer has posted a security advisory, so there might be relevant real-world environments under which this vulnerability is applicable
Max CVSS
7.5
EPSS Score
24.32%
Published
2006-06-06
Updated
2024-03-21
PHP remote file inclusion vulnerability in Squirrelmail 1.2.6 allows remote attackers to execute arbitrary code via "URL manipulation."
Max CVSS
7.5
EPSS Score
2.88%
Published
2005-02-02
Updated
2008-09-05
PHP remote file inclusion vulnerability in webmail.php in SquirrelMail before 1.4.4 allows remote attackers to execute arbitrary PHP code by modifying a URL parameter to reference a URL on a remote web server that contains the code.
Max CVSS
7.5
EPSS Score
2.06%
Published
2005-01-24
Updated
2017-10-11
5 vulnerabilities found