Summary
SquirrelMail is prone to multiple vulnerabilities, including multiple session-fixation issues, a code-injection issue, and multiple cross-site scripting issues.
Attackers may exploit these issues to execute arbitrary script code in the browser of an unsuspecting user, to hijack the session of a valid user, or to inject and execute arbitrary PHP code in the context of the webserver process. This may facilitate a compromise of the application and the computer; other attacks are also possible.
Versions prior to SquirrelMail 1.4.18 are vulnerable.
References
Updated on 2015-03-25
Severity
Classification
- CVE: CVE-2009-1578, CVE-2009-1579, CVE-2009-1580, CVE-2009-1581
- CVSS Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)
Related Vulnerabilities
- Apache OFBiz Multiple Cross Site Scripting Vulnerabilities
- Allaire JRun directory browsing vulnerability
- Apache Tomcat source.jsp malformed request information disclosure
- Apache Tomcat 'sendfile' Request Attributes Information Disclosure Vulnerability
- 2532|Gigs Directory Traversal And SQL Injection Multiple Vulnerabilities