Squirrelmail · Squirrelmail · CVE-2006-0377
**Name of the Vulnerable Software and Affected Versions**
SquirrelMail versions 1.4.0 through 1.4.5
**Description**
The issue allows remote attackers to inject arbitrary IMAP commands via newline characters in the `mailbox` parameter of the "sqimap mailbox select" command. This is related to a CRLF injection vulnerability.
**Recommendations**
For SquirrelMail versions 1.4.0 through 1.4.5, consider restricting access to the sqimap mailbox select command until a patch is available. Avoid using newline characters in the `mailbox` parameter to minimize the risk of exploitation.