Frame content changing in webmail.php
- Insufficient checking of incoming URL vars allowed for an attacker to include arbitrary remote web pages in the SquirrelMail frameset.
- Affected Versions:
- <= 1.4.4-RC1
- Register Globals:
- Register_globals does not have to be on for this issue.
- CVE ID(s):
- view patch
- Thanks to Manoel Zaninetti for notifying us about this issue.
- This page last updated:
- 2007-07-03 13:00:04