CVE-2020-14932

Name of the Vulnerable Software and Affected Versions SquirrelMail version 1.4.22

Description The issue arises from the compose.php file in SquirrelMail, which calls unserialize for the $mailtodata value. This value originates from an HTTP GET request, making it a potential entry point for exploitation. The vulnerability is related to the mailto.php file.

Recommendations For SquirrelMail version 1.4.22, consider disabling the unserialize function for the $mailtodata value in the compose.php file as a temporary workaround until a patch is available. Restrict access to the compose.php and mailto.php files to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.