CVE-2005-0075

2005-01-2905:00:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

squirrelmail

code injection

security vulnerability

cve-2005-0075

nvd

6.4 Medium

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

0.006 Low

EPSS

Percentile

78.4%

JSON

prefs.php in SquirrelMail before 1.4.4, with register_globals enabled, allows remote attackers to inject local code into the SquirrelMail code via custom preference handlers.

CPENameOperatorVersion
squirrelmail:squirrelmailsquirrelmaileq1.4.2
squirrelmail:squirrelmailsquirrelmaileq1.0.5
squirrelmail:squirrelmailsquirrelmaileq1.2.7
squirrelmail:squirrelmailsquirrelmaileq1.2.0
squirrelmail:squirrelmailsquirrelmaileq1.2.9
squirrelmail:squirrelmailsquirrelmaileq1.2.2
squirrelmail:squirrelmailsquirrelmaileq1.4.3
squirrelmail:squirrelmailsquirrelmaileq1.2.1
squirrelmail:squirrelmailsquirrelmaileq1.4.1
squirrelmail:squirrelmailsquirrelmaileq1.4.0

CPE	Name	Operator	Version
squirrelmail:squirrelmail	squirrelmail	eq	1.4.2
squirrelmail:squirrelmail	squirrelmail	eq	1.0.5
squirrelmail:squirrelmail	squirrelmail	eq	1.2.7
squirrelmail:squirrelmail	squirrelmail	eq	1.2.0
squirrelmail:squirrelmail	squirrelmail	eq	1.2.9
squirrelmail:squirrelmail	squirrelmail	eq	1.2.2
squirrelmail:squirrelmail	squirrelmail	eq	1.4.3
squirrelmail:squirrelmail	squirrelmail	eq	1.2.1
squirrelmail:squirrelmail	squirrelmail	eq	1.4.1
squirrelmail:squirrelmail	squirrelmail	eq	1.4.0