Squirrelmail Security Vulnerabilities and Issues — Squirrelmail CVE List

Lucene search

SquirrelmailSquirrelmail

3 matches found

CVE•added 2020/06/20 1:15 p.m.•57 views

CVE-2020-14933

compose.php in SquirrelMail 1.4.22 calls unserialize for the $attachments value, which originates from an HTTP POST request. NOTE: the vendor disputes this because these two conditions for PHP object injection are not satisfied: existence of a PHP magic method (such as __wakeup or __destruct), and ...

8.8CVSS9.4AI score0.00403EPSS

CVE•added 2020/06/20 1:15 p.m.•54 views

CVE-2020-14932

compose.php in SquirrelMail 1.4.22 calls unserialize for the $mailtodata value, which originates from an HTTP GET request. This is related to mailto.php.

9.8CVSS9.3AI score0.00386EPSS

CVE•added 2020/02/13 7:15 p.m.•43 views

CVE-2012-5623

Squirrelmail 4.0 uses the outdated MD5 hash algorithm for passwords.

7.5CVSS7.5AI score0.00148EPSS