2 matches found
PT-2017-17890
Name of the Vulnerable Software and Affected Versions SquirrelMail versions prior to 20170427 0200-SVN Description The issue allows post-authentication remote code execution via a mishandled sendmail.cf file in a popen call. This can be exploited to execute arbitrary shell commands on the remote...
Squirrelmail Remote Code Execution Vulnerability
SquirrelMail is a PHP-based WEB mail service program . A remote code execution vulnerability exists in DeliverSendMail.class.php in the initStream function of Squirrelmail, due to escapeshellcmd not escaping space characters. An attacker could use the vulnerability to execute arbitrary code over...