SquirrelMail  
Donations
News
About
Support
Screen shots
Download
Plugins
Documentation
Sponsors
Bounties













Security Notice
Phishing campain
Version 1.4.15
Security Upgrade

Security

1.4.12 and 1.4.11 Package Compromise

Date:
2007-12-13
Description:
The SquirrelMail packages of 1.4.12 and 1.4.11 were externally modified after release through a cracked sourceforge.net developer account. The inserted code can allow for remote PHP code execution in many environments. Updated packages have been published as well as a 1.4.13 version to solve any confustion.
Affected Versions:
1.4.11&12
Register Globals:
Register_globals does not have to be on for this issue.
CVE ID(s):
CVE-2007-6348
Patch:
n/a
Credits:
This page last updated:
2007-12-15 10:15:00
© 1999-2010 by The SquirrelMail Project Team