Variable overwriting in compose.php
- A logged-in user could overwrite arbitrary variables in compose.php, which might make it possible to read/write other users' preferences or attachments.
The function containing the bug was actually broken in the latest release of SquirrelMail, so the simple fix is to remove that function entirely if you don't miss it. The patch below restores the functionality (resuming a compose session after the user's session has expired) and fixes the hole.
- Affected Versions:
- 1.4.0 - 1.4.7
- Register Globals:
- Register_globals does not have to be on for this issue.
- CVE ID(s):
- view patch
- James Bercegay of GulfTech Security Research
- This page last updated:
- 2006-08-11 13:40:42