Security

Local file inclusion

Date:

2006-06-01

Description:

A security issue has been uncovered in functions/plugin.php that could allow a remote user to access local files on the server without requiring login. This issue manifests itself if register_globals is enabled, and magic_quotes_gpc is disabled.

Affected Versions:

<= 1.4.6

Register Globals:

This requires the PHP register_globals setting to be On, a setting both PHP and SquirrelMail highly discourage.

CVE ID(s):

CVE-2006-2842

Patch:

view patch

Credits:

Junker Broke of Denix Solutions

This page last updated:

2006-07-09 15:59:53