4 matches found
SquirrelMail <= 1.4.22 Multiple Vulnerabilities
SquirrelMail is prone to multiple Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can redistribute it...
CVE-2020-14933
compose.php in SquirrelMail 1.4.22 calls unserialize for the $attachments value, which originates from an HTTP POST request. NOTE: the vendor disputes this because these two conditions for PHP object injection are not satisfied: existence of a PHP magic method such as wakeup or destruct, and any...
CVE-2020-14933
compose.php in SquirrelMail 1.4.22 calls unserialize for the $attachments value, which originates from an HTTP POST request. NOTE: the vendor disputes this because these two conditions for PHP object injection are not satisfied: existence of a PHP magic method such as wakeup or destruct, and any...
CVE-2020-14933
CVE-2020-14933 affects SquirrelMail 1.4.22. compose.php calls unserialize on the attachments value derived from HTTP POST data, enabling an unsafe deserialization path. The vendor disputes that the required PHP object-injection conditions are met (presence of a PHP magic method and attack-relevan...