CVE-2020-14932
First published: Sat Jun 20 2020(Updated: )
compose.php in SquirrelMail 1.4.22 calls unserialize for the $mailtodata value, which originates from an HTTP GET request. This is related to mailto.php.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| SquirrelMail | =1.4.22 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2020-14932?
CVE-2020-14932 is classified as a moderate severity vulnerability due to the potential for remote code execution through unserialization.
How do I fix CVE-2020-14932?
To fix CVE-2020-14932, upgrade to the latest version of SquirrelMail or apply a patch that mitigates the unserialization of untrusted data.
What versions of SquirrelMail are affected by CVE-2020-14932?
CVE-2020-14932 specifically affects SquirrelMail version 1.4.22.
What is the impact of CVE-2020-14932 on SquirrelMail users?
The impact of CVE-2020-14932 on SquirrelMail users includes the risk of remote code execution, which can lead to unauthorized access and data compromise.
Is CVE-2020-14932 related to any other vulnerabilities?
CVE-2020-14932 is related to mailto.php, as it involves the handling of mailto data within the application.
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/severity
- agent/weakness
- agent/author
- agent/references
- agent/first-publish-date
- agent/description
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/squirrelmail
- canonical/squirrelmail
- version/squirrelmail/1.4.22