First published: Tue Jun 06 2006
** DISPUTED ** PHP remote file inclusion vulnerability in functions/plugin.php in SquirrelMail 1.4.6 and earlier, if register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary PHP code via a URL in the plugins array parameter. NOTE: this issue has been disputed by third parties, who state that Squirrelmail provides prominent warnings to the administrator when register_globals is enabled. Since the varieties of administrator negligence are uncountable, perhaps this type of issue should not be included in CVE. However, the original developer has posted a security advisory, so there might be relevant real-world environments under which this vulnerability is applicable.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Squirrelmail Squirrelmail | =1.4.2 | |
Squirrelmail Squirrelmail | =1.0.5 | |
Squirrelmail Squirrelmail | =1.4.6_rc1 | |
Squirrelmail Squirrelmail | =1.4.3_r3 | |
Squirrelmail Squirrelmail | =1.2.7 | |
Squirrelmail Squirrelmail | =1.2.0 | |
Squirrelmail Squirrelmail | =1.2.9 | |
Squirrelmail Squirrelmail | =1.4.3_rc1 | |
Squirrelmail Squirrelmail | =1.2.2 | |
Squirrelmail Squirrelmail | =1.4.4_rc1 | |
Squirrelmail Squirrelmail | =1.4.3 | |
Squirrelmail Squirrelmail | =1.2.1 | |
Squirrelmail Squirrelmail | =1.4.1 | |
Squirrelmail Squirrelmail | =1.4.0 | |
Squirrelmail Squirrelmail | =1.4 | |
Squirrelmail Squirrelmail | =1.2.4 | |
Squirrelmail Squirrelmail | =1.2.3 | |
Squirrelmail Squirrelmail | =1.4.3a | |
Squirrelmail Squirrelmail | <=1.4.6 | |
Squirrelmail Squirrelmail | =1.0.4 | |
Squirrelmail Squirrelmail | =1.2.6 | |
Squirrelmail Squirrelmail | =1.4.4 | |
Squirrelmail Squirrelmail | =1.2.10 | |
Squirrelmail Squirrelmail | =1.2.5 | |
Squirrelmail Squirrelmail | =1.2.8 | |
Squirrelmail Squirrelmail | =1.2.11 | |
Squirrelmail Squirrelmail | =1.4.5 | |