SquirrelMail  
Donations
News
About
Support
Screen shots
Download
Plugins
Documentation
Sponsors
Bounties













Security Notice
Phishing campain
UPDATE YOUR
EMAIL SECURITY
"IUEU"

Security

Local file inclusion

Date:
2006-06-01
Description:
A security issue has been uncovered in functions/plugin.php that could allow a remote user to access local files on the server without requiring login. This issue manifests itself if register_globals is enabled, and magic_quotes_gpc is disabled.
Affected Versions:
<= 1.4.6
Register Globals:
This requires the PHP register_globals setting to be On, a setting both PHP and SquirrelMail highly discourage.
CVE ID(s):
CVE-2006-2842
Patch:
view patch
Credits:
Junker Broke of Denix Solutions
This page last updated:
2006-07-09 15:59:53
© 1999-2010 by The SquirrelMail Project Team