Squirrelmail » Squirrelmail : Security Vulnerabilities, CVEs, Published In 2018 (Directory traversal)
A directory traversal flaw in SquirrelMail 1.4.22 allows an authenticated attacker to exfiltrate (or potentially delete) files from the hosting server, related to ../ in the att_local_name field in Deliver.class.php.
Max CVSS
8.8
EPSS Score
0.35%
Published
2018-03-17
Updated
2019-08-15
1 vulnerabilities found