Remote Code Execution and Cross-Site Scripting Vulnerability in SquirrelMail 1.4.4 and Earlier

Remote Code Execution and Cross-Site Scripting Vulnerability in SquirrelMail 1.4.4 and Earlier

CVE-2005-2095 · MEDIUM Severity

AV:N/AC:M/AU:N/C:P/I:N/A:N

options_identities.php in SquirrelMail 1.4.4 and earlier uses the extract function to process the $_POST variable, which allows remote attackers to modify or read the preferences of other users, conduct cross-site scripting XSS) attacks, and write arbitrary files.

Learn more about our User Device Pen Test.