Lucene search
K

4 matches found

OpenVAS
OpenVAS
added 2020/06/25 12:0 a.m.178 views

SquirrelMail <= 1.4.22 Multiple Vulnerabilities

SquirrelMail is prone to multiple Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can redistribute it...

9.3AI score
Exploits0References1
NVD
NVD
added 2020/06/20 1:15 p.m.13 views

CVE-2020-14933

compose.php in SquirrelMail 1.4.22 calls unserialize for the $attachments value, which originates from an HTTP POST request. NOTE: the vendor disputes this because these two conditions for PHP object injection are not satisfied: existence of a PHP magic method such as wakeup or destruct, and any...

8.8CVSS0.01415EPSS
Exploits0References1
OSV
OSV
added 2020/06/20 1:15 p.m.4 views

CVE-2020-14933

compose.php in SquirrelMail 1.4.22 calls unserialize for the $attachments value, which originates from an HTTP POST request. NOTE: the vendor disputes this because these two conditions for PHP object injection are not satisfied: existence of a PHP magic method such as wakeup or destruct, and any...

8.8CVSS7.3AI score
Exploits0References1
CVE
CVE
added 2020/06/20 12:7 p.m.73 views

CVE-2020-14933

CVE-2020-14933 affects SquirrelMail 1.4.22. compose.php calls unserialize on the attachments value derived from HTTP POST data, enabling an unsafe deserialization path. The vendor disputes that the required PHP object-injection conditions are met (presence of a PHP magic method and attack-relevan...

8.8CVSS9.4AI score0.01415EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder