SquirrelMail  

Security

IMAP injection in sqimap_mailbox_select mailbox parameter

Date: 2006-02-15
Description: By adding newlines to the mailbox parameter of sqimap_mailbox_select, a logged-in user can add additional IMAP commands after the command issued by SquirrelMail. The real-world impact of this is unknown.
Affected Versions: <= 1.4.5
Register Globals: Register_globals does not have to be on for this issue.
CVE ID(s): CVE-2006-0377
Patch: view patch
Credits: Vicente Aguilera of Internet Security Auditors, S.L.

This page last updated: 2007-07-03 12:58:51
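
The issue described above arises when a mailbox name is placed into an IMAP command line without checking it for line breaks. The PHP below is an added example, not SquirrelMail's code or its patch: the function names are hypothetical and the sample input is constructed. It shows the unchecked construction beside a version that rejects CR, LF and NUL and escapes the name as an IMAP quoted string.

```php
<?php
// Added illustration; all function names are hypothetical, not SquirrelMail's.

// Unchecked pattern: the mailbox name goes into the command line as-is,
// so a CRLF inside it ends the SELECT line and begins another line.
function build_select_unsafe(string $tag, string $mailbox): string
{
    return $tag . ' SELECT "' . $mailbox . '"' . "\r\n";
}

// Hardened pattern: CR, LF and NUL are never valid inside an IMAP quoted
// string, so refuse them; then escape backslash and double quote.
function build_select_safe(string $tag, string $mailbox): string
{
    if (preg_match('/[\r\n\x00]/', $mailbox)) {
        throw new InvalidArgumentException('illegal character in mailbox name');
    }
    $quoted = '"' . strtr($mailbox, ['\\' => '\\\\', '"' => '\\"']) . '"';
    return $tag . ' SELECT ' . $quoted . "\r\n";
}

// Number of non-empty CRLF-terminated lines a server would read from $wire.
function count_command_lines(string $wire): int
{
    return count(array_filter(explode("\r\n", $wire), 'strlen'));
}

// Constructed input: a folder name that carries a line break and a NOOP.
$hostile = "INBOX\r\nA002 NOOP";

// The unchecked builder emits more than one line for a single request.
echo 'unsafe builder lines: ',
    count_command_lines(build_select_unsafe('A001', $hostile)), "\n";

// The hardened builder refuses the same input before anything is sent.
try {
    build_select_safe('A001', $hostile);
} catch (InvalidArgumentException $e) {
    echo 'safe builder: ', $e->getMessage(), "\n";
}

// A legitimate name containing quotes is escaped and stays on one line.
echo build_select_safe('A001', 'Work "2006"');
```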
© 1999-2010 by The SquirrelMail Project Team