CVE-2005-2095

Name of the Vulnerable Software and Affected Versions: SquirrelMail versions 1.4.4 and earlier

Description: The issue allows remote attackers to modify or read the preferences of other users, conduct cross-site scripting (XSS) attacks, and write arbitrary files. This is due to the use of the extract function to process the $ POST variable in the options identities.php file.

Recommendations: For SquirrelMail versions 1.4.4 and earlier, consider disabling the options identities.php file or restricting access to it until a patch is available. As a temporary workaround, avoid using the extract function to process user-input data, such as the $ POST variable, to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.