CVE-2001-1159

Name of the Vulnerable Software and Affected Versions SquirrelMail versions 1.0.4 and earlier

Description The issue allows remote attackers to view sensitive files and execute arbitrary code. This is due to the improper initialization of certain PHP variables in load prefs.php and supporting include files. Attackers can exploit this by using options such as config php and data dir to view sensitive files, or by uploading a message that could be interpreted as PHP via options order.php.

Recommendations For SquirrelMail versions 1.0.4 and earlier, update to a version that properly initializes PHP variables to prevent exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.