CVE-2006-2842

by Fred · 06/06/2006

** DISPUTED **

PHP remote file inclusion vulnerability in functions/plugin.php in SquirrelMail 1.4.6 and earlier, if register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary PHP code via a URL in the plugins array parameter. NOTE: this issue has been disputed by third parties, who state that Squirrelmail provides prominent warnings to the administrator when register_globals is enabled. Since the varieties of administrator negligence are uncountable, perhaps this type of issue should not be included in CVE. However, the original developer has posted a security advisory, so there might be relevant real-world environments under which this vulnerability is applicable.

Date published : 2006-06-06

http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html

http://www.securityfocus.com/bid/18231

CVE-2006-2842

Similar

Recent Posts

Categories

CVE-2006-2842

Share this:

Similar

Recent Posts

Categories

Tags