CVE-2006-2842

2006-06-0620:06:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2006-2842

php

remote file inclusion

squirrelmail

vulnerability

security advisory

nvd

7.4 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.243 Low

EPSS

Percentile

96.5%

JSON

PHP remote file inclusion vulnerability in functions/plugin.php in SquirrelMail 1.4.6 and earlier, if register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary PHP code via a URL in the plugins array parameter. NOTE: this issue has been disputed by third parties, who state that Squirrelmail provides prominent warnings to the administrator when register_globals is enabled. Since the varieties of administrator negligence are uncountable, perhaps this type of issue should not be included in CVE. However, the original developer has posted a security advisory, so there might be relevant real-world environments under which this vulnerability is applicable

CPENameOperatorVersion
squirrelmail:squirrelmailsquirrelmaileq1.4.2
squirrelmail:squirrelmailsquirrelmaileq1.0.5
squirrelmail:squirrelmailsquirrelmaileq1.4.6_rc1
squirrelmail:squirrelmailsquirrelmaileq1.4.3_r3
squirrelmail:squirrelmailsquirrelmaileq1.2.7
squirrelmail:squirrelmailsquirrelmaileq1.2.0
squirrelmail:squirrelmailsquirrelmaileq1.2.9
squirrelmail:squirrelmailsquirrelmaileq1.4.3_rc1
squirrelmail:squirrelmailsquirrelmaileq1.2.2
squirrelmail:squirrelmailsquirrelmaileq1.4.4_rc1

CPE	Name	Operator	Version
squirrelmail:squirrelmail	squirrelmail	eq	1.4.2
squirrelmail:squirrelmail	squirrelmail	eq	1.0.5
squirrelmail:squirrelmail	squirrelmail	eq	1.4.6_rc1
squirrelmail:squirrelmail	squirrelmail	eq	1.4.3_r3
squirrelmail:squirrelmail	squirrelmail	eq	1.2.7
squirrelmail:squirrelmail	squirrelmail	eq	1.2.0
squirrelmail:squirrelmail	squirrelmail	eq	1.2.9
squirrelmail:squirrelmail	squirrelmail	eq	1.4.3_rc1
squirrelmail:squirrelmail	squirrelmail	eq	1.2.2
squirrelmail:squirrelmail	squirrelmail	eq	1.4.4_rc1