Lucene search

K

SquirrelMail 1.2.11 Administrator Plugin - options.php Arbitrary Admin Account Creation

๐Ÿ—“๏ธย 17 Jun 2003ย 00:00:00Reported byย dr_insaneTypeย 
exploitpack
ย exploitpack
๐Ÿ‘ย 9ย Views

SquirrelMail 1.2.11 Administrator Plugin - options.php Arbitrary Admin Account Creation

Show more
Code
source: https://www.securityfocus.com/bid/7952/info
 
Multiple vulnerabilities have been reported for Squirrelmail which could allow for information disclosure, data corruption, and privilege escalation.
 
The problems appear to occur due to insufficient sanitization of URI parameters submitted within HTTP requests.
 
*** It has been discovered that all information disclosure and data corruption issues are in fact not vulnerabilities. The issue lies in the default IMAP configuration, allowing a remote authenticated user to specify their local mailbox file. This behaviour is clearly specified in the IMAP FAQ.
 
All actions carried out by an authenticated user are done with their own local system privileges, effectively having no affect on the system. This information has been confirmed by the vendor.
 
It should also be noted that the vendor has announced that the privilege elevation issue is indeed legitimate. In the future this BID will be re-used to cover that vulnerability alone. 


http://www.example.com/plugins/administrator/options.php?username="root"&adm_Group1=//Find it from file:plugins/administrator/admins//&off=true&key=$

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contactย us for a demo andย discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo
17 Jun 2003 00:00Current
0.2Low risk
Vulners AI Score0.2
9
.json
Report