Remote file inclusion

2006-06-0620:06:00

PRIOn knowledge base

www.prio-n.com

7.3 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.243 Low

EPSS

Percentile

96.5%

JSON

DISPUTED PHP remote file inclusion vulnerability in functions/plugin.php in SquirrelMail 1.4.6 and earlier, if register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary PHP code via a URL in the plugins array parameter. NOTE: this issue has been disputed by third parties, who state that Squirrelmail provides prominent warnings to the administrator when register_globals is enabled. Since the varieties of administrator negligence are uncountable, perhaps this type of issue should not be included in CVE. However, the original developer has posted a security advisory, so there might be relevant real-world environments under which this vulnerability is applicable.

CPENameOperatorVersion
squirrelmaileq1.4.2
squirrelmaileq1.0.5
squirrelmaileq1.4.6-rc1
squirrelmaileq1.4.3-r3
squirrelmaileq1.2.7
squirrelmaileq1.2.0
squirrelmaileq1.2.9
squirrelmaileq1.4.3-rc1
squirrelmaileq1.2.2
squirrelmaileq1.4.4-rc1

Name	Operator	Version
squirrelmail	eq	1.4.2
squirrelmail	eq	1.0.5
squirrelmail	eq	1.4.6-rc1
squirrelmail	eq	1.4.3-r3
squirrelmail	eq	1.2.7
squirrelmail	eq	1.2.0
squirrelmail	eq	1.2.9
squirrelmail	eq	1.4.3-rc1
squirrelmail	eq	1.2.2
squirrelmail	eq	1.4.4-rc1