PT-2006-4864 · Squirrelmail+1 · Squirrelmail+1
Published
2006-08-11
·
Updated
2018-10-17
·
CVE-2006-4019
CVSS v2.0
6.4
Medium
| Vector | AV:N/AC:L/Au:N/C:P/I:P/A:N |
Name of the Vulnerable Software and Affected Versions
SquirrelMail versions 1.4.0 through 1.4.7
Description
The issue allows remote attackers to overwrite arbitrary program variables and read or write the attachments and preferences of other users due to a dynamic variable evaluation vulnerability in compose.php.
Recommendations
For SquirrelMail versions 1.4.0 through 1.4.7, update to a version that contains a fix for this issue to prevent exploitation.
Exploit
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Red Hat
Squirrelmail