0.003 Low
EPSS
Percentile
71.4%
A directory traversal flaw in SquirrelMail 1.4.22 allows an authenticated attacker to exfiltrate (or potentially delete) files from the hosting server, related to …/ in the att_local_name field in Deliver.class.php.
www.openwall.com/lists/oss-security/2018/03/17/2 insinuator.net/2018/03/squirrelmail-full-disclosure-troopers18/
bugzilla.redhat.com/show_bug.cgi?id=1557840