SquirrelMail  
Donations
News
About
Support
Screen shots
Download
Plugins
Documentation
Sponsors
Bounties













Security Notice
Phishing campain
Version 1.4.15
Security Upgrade

Security

SQL injection vulnerability in addressbook

Date:
2004-05-10
Description:
When using the addressbook database backend, SquirrelMail users could inject portions of SQL into executed queries.
Affected Versions:
<= 1.4.2
Register Globals:
Register_globals does not have to be on for this issue.
CVE ID(s):
CVE-2004-0521
Patch:
view patch
Credits:
This page last updated:
2007-07-03 13:00:52
© 1999-2010 by The SquirrelMail Project Team