IMAP injection in sqimap_mailbox_select mailbox parameter
- By adding newlines to the mailbox parameter of sqimap_mailbox_select, a logged in user can add additional IMAP commands after the command issued by SquirrelMail. The real-world impact of this is unknown.
- Affected Versions:
- <= 1.4.5
- Register Globals:
- Register_globals does not have to be on for this issue.
- CVE ID(s):
- view patch
- Vicente Aguilera of Internet Security Auditors, S.L.
- This page last updated:
- 2007-07-03 12:58:51