PT-2007-7212 · Squirrelmail · Squirrelmail
Published
2007-12-14
·
Updated
2018-10-15
·
CVE-2007-6348
CVSS v2.0
6.8
Medium
| Vector | AV:N/AC:M/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
SquirrelMail versions 1.4.11 through 1.4.12
Description
The issue concerns a PHP remote file inclusion vulnerability that allows remote attackers to execute arbitrary code. This vulnerability was introduced by an external modification to create a Trojan Horse.
Recommendations
For SquirrelMail versions 1.4.11 and 1.4.12, consider avoiding the use of the affected software until a clean version is obtained, as the distributed version has been externally modified to introduce the vulnerability.
Fix
RCE
Code Injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Squirrelmail