Donations
News
About
Support
Security
Screen shots
Download
Plugins
Documentation
Sponsors
Bounties
Junk Email Filter
|
Security
Local file inclusions in prefs.php
- Date:
- 2005-01-14
- Description:
- A recent change in prefs.php allowed for an attacker to provide a specially crafted URL that could include local code into the SquirrelMail code.
This only affects people with register_globals set to On, which is not recommended.
- Affected Versions:
- 1.4.3-RC1 - 1.4.4-RC1
- Register Globals:
- This requires the PHP register_globals setting to be On, a setting both PHP and SquirrelMail highly discourage.
- CVE ID(s):
- CVE-2005-0075
- Patch:
- view patch
- Credits:
- This vulnerability was discovered by SquirrelMail developer Jimmy Conner.
- This page last updated:
- 2007-07-03 13:00:12
|
