SquirrelMail  
Donations
News
About
Support
Screen shots
Download
Plugins
Documentation
Sponsors
Bounties













Security Notice
Phishing campain
Version 1.4.15
Security Upgrade

Security

Local file inclusions in prefs.php

Date:
2005-01-14
Description:
A recent change in prefs.php allowed for an attacker to provide a specially crafted URL that could include local code into the SquirrelMail code.

This only affects people with register_globals set to On, which is not recommended.
Affected Versions:
1.4.3-RC1 - 1.4.4-RC1
Register Globals:
This requires the PHP register_globals setting to be On, a setting both PHP and SquirrelMail highly discourage.
CVE ID(s):
CVE-2005-0075
Patch:
view patch
Credits:
This vulnerability was discovered by SquirrelMail developer Jimmy Conner.
This page last updated:
2007-07-03 13:00:12
© 1999-2010 by The SquirrelMail Project Team