SquirrelMail  
Donations
News
About
Support
Security
Screen shots
Download
Plugins
Documentation
Sponsors
Bounties





Junk Email Filter






Security Notice
Phishing campain
Version 1.4.15
Security Upgrade

Security

Local file inclusions in prefs.php

Date:
2005-01-14
Description:
A recent change in prefs.php allowed for an attacker to provide a specially crafted URL that could include local code into the SquirrelMail code.

This only affects people with register_globals set to On, which is not recommended.
Affected Versions:
1.4.3-RC1 - 1.4.4-RC1
Register Globals:
This requires the PHP register_globals setting to be On, a setting both PHP and SquirrelMail highly discourage.
CVE ID(s):
CVE-2005-0075
Patch:
view patch
Credits:
This vulnerability was discovered by SquirrelMail developer Jimmy Conner.
This page last updated:
2007-07-03 13:00:12
© 1999-2016 by The SquirrelMail Project Team