History: Mar 15, 2002 - 5:00 a.m.

CVE-2001-1159

2002-03-15 05:00:00
web.nvd.nist.gov
Tags: squirrelmail, load_prefs.php, remote attack, sensitive files, execute code, php variables

CVSS2: 7.5 High
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score: 8 High (Confidence: Low)
EPSS: 0.018 Low (Percentile: 88.2%)

load_prefs.php and supporting include files in SquirrelMail 1.0.4 and earlier do not properly initialize certain PHP variables, which allows remote attackers to (1) view sensitive files via the config_php and data_dir options, and (2) execute arbitrary code by using options_order.php to upload a message that could be interpreted as PHP.

Affected configurations

NVD
Node
squirrelmail squirrelmail Match 1.0.4
OR
squirrelmail squirrelmail Match 1.0.5
