11 matches found
CVE-2005-0103
PHP remote file inclusion vulnerability in webmail.php in SquirrelMail before 1.4.4 allows remote attackers to execute arbitrary PHP code by modifying a URL parameter to reference a URL on a remote web server that contains the code.
CVE-2006-2842
PHP remote file inclusion vulnerability in functions/plugin.php in SquirrelMail 1.4.6 and earlier, if register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary PHP code via a URL in the plugins array parameter. NOTE: this issue has been disputed by t...
CVE-2002-1648
Cross-site request forgery (CSRF) vulnerability in compose.php in SquirrelMail before 1.2.3 allows remote attackers to send email as other users via an IMG URL with modified send_to and subject parameters.
CVE-2007-2631
Cross-site request forgery (CSRF) vulnerability in SquirrelMail 1.4.8-4.fc6 and earlier allows remote attackers to perform unspecified actions as arbitrary users via unspecified vectors. NOTE: this issue might overlap CVE-2007-2589 or CVE-2002-1648.
CVE-2002-1650
The spell checker plugin (check_me.mod.php) for SquirrelMail before 1.2.3 allows remote attackers to execute arbitrary commands via a modified sqspell_command parameter.
CVE-2005-0152
PHP remote file inclusion vulnerability in SquirrelMail 1.2.6 allows remote attackers to execute arbitrary code via "URL manipulation."
CVE-2012-5623
SquirrelMail 4.0 uses the outdated MD5 hash algorithm for passwords.
CVE-2007-3636
Multiple unspecified vulnerabilities in the G/PGP (GPG) Plugin 2.1 for SquirrelMail allow remote attackers to execute arbitrary commands via unspecified vectors. NOTE: this information is based upon a vague pre-advisory from a reliable researcher.
CVE-2002-1131
Cross-site scripting vulnerabilities in SquirrelMail 1.2.7 and earlier allow remote attackers to execute script as other web users via (1) addressbook.php, (2) options.php, (3) search.php, or (4) help.php.
CVE-2025-30090
mime.php in SquirrelMail through 1.4.23-svn-20250401 and 1.5.x through 1.5.2-svn-20250401 allows XSS via e-mail headers, because JavaScript payloads are mishandled after $encoded has been set to true.
CVE-2001-1159
load_prefs.php and supporting include files in SquirrelMail 1.0.4 and earlier do not properly initialize certain PHP variables, which allows remote attackers to (1) view sensitive files via the config_php and data_dir options, and (2) execute arbitrary code by using options_order.php to upload a me...