Junk Email Filter
INVALID: Insecure use of unserialize() with untrusted input
- SquirrelMail uses PHP's unserialize() in a couple places to decode untrusted data from the browser. In some cases, unserialize() can be exploited to make PHP do things on behalf of an attacker that it should not. However, the mechanisms it needs to do so are all absent from SquirrelMail. There is no such vulnerability in SquirrelMail that we know of.
- Affected Versions:
- Register Globals:
- Register_globals does not have to be on for this issue.
- CVE ID(s):
- This page last updated:
- 2021-10-15 00:00:00