Security

Attachments directory traversal vulnerability

Date: 2018-04-04
Description: SquirrelMail versions 1.4.22 and below are vulnerable to a directory traversal attack that is exploited by injecting specially crafted attachment filenames on the compose screen. Exploitation requires login credentials for the vulnerable SquirrelMail instance and is limited to files that the web server can access. Attackers can send and/or delete such files.
Affected Versions: <= 1.4.22
Register Globals: register_globals does not have to be on for this issue.
CVE ID(s): CVE-2018-8741
Patch: view patch
Credits: Florian Grunow
This page last updated: 2018-04-04 00:00:00
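
A defensive check against this class of bug, as an added example that is not SquirrelMail's code or its patch: a client-supplied attachment name is accepted only if it matches an allow-list and resolves to a file directly inside the attachment directory. The function name, the demo directory and the assumption that server-generated names are purely alphanumeric are hypothetical.

```php
<?php
// Added example, not SquirrelMail code. Function and directory names are hypothetical.

/**
 * Resolve a client-supplied attachment name to a path inside $attachmentDir.
 * Returns the canonical path, or null when the name must be rejected.
 */
function resolve_attachment_path(string $attachmentDir, string $localName): ?string
{
    // 1. Allow-list (assumption: server-generated names are alphanumeric only),
    //    so separators, dots and NUL bytes never pass.
    if (!preg_match('/\A[A-Za-z0-9]{1,64}\z/', $localName)) {
        return null;
    }

    // 2. Canonicalise both sides; realpath() resolves symlinks and
    //    returns false for paths that do not exist.
    $base = realpath($attachmentDir);
    $path = realpath($attachmentDir . DIRECTORY_SEPARATOR . $localName);
    if ($base === false || $path === false) {
        return null;
    }

    // 3. Containment: the canonical path must be a regular file sitting
    //    directly inside the canonical base directory.
    if (dirname($path) !== $base || !is_file($path)) {
        return null;
    }
    return $path;
}

// Constructed demo: a temporary attachment directory holding one stored file.
$dir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'attach_demo_' . bin2hex(random_bytes(4));
mkdir($dir, 0700);
file_put_contents($dir . DIRECTORY_SEPARATOR . 'a1B2c3D4', 'demo');

// Constructed sample names: one valid, the rest must be rejected.
foreach (['a1B2c3D4', '../a1B2c3D4', 'sub/a1B2c3D4', 'a1B2c3D4.', 'missing99'] as $name) {
    $result = resolve_attachment_path($dir, $name);
    printf("%-14s %s\n", $name, $result === null ? 'rejected' : 'accepted');
}

// Clean up the demo directory.
unlink($dir . DIRECTORY_SEPARATOR . 'a1B2c3D4');
rmdir($dir);
```

The allow-list and the canonical-path containment check are independent layers: the first rejects malformed names before any filesystem access, the second still holds if a symlink inside the directory points elsewhere.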
© 1999-2016 by The SquirrelMail Project Team