PT-2002-1567 · Squirrelmail · Squirrelmail

Published

2002-08-12

Updated

2008-09-05

CVE-2002-0516

CVSS v2.0

High

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions SquirrelMail versions 1.2.5 and earlier

Description The issue allows authenticated SquirrelMail users to execute arbitrary commands by modifying the THEME variable in a cookie.

Recommendations For SquirrelMail versions 1.2.5 and earlier, update to a version that fixes this issue. As a temporary workaround, consider restricting modifications to the THEME variable in cookies to prevent arbitrary command execution.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2002-0516

Affected Products

Squirrelmail

PT-2002-1567 · Squirrelmail · Squirrelmail

CVE-2002-0516

Related Identifiers

Affected Products

References · 7