Donations
News
About
Support
Security
Screen shots
Download
Plugins
Documentation
Sponsors
Bounties
Junk Email Filter
|
Security
Attachments directory traversal vulnerability
- Date:
- 2018-04-04
- Description:
- SquirrelMail versions 1.4.22 and below are vulnerable to a directory traversal attack that is exploited by injecting specially crafted attachment filenames on the compose screen. The attack is limited only to actors that have login credentials to the vulnerable SquirrelMail instance and only those files that the web server can access. Attackers can send and/or delete such files.
- Affected Versions:
- <= 1.4.22
- Register Globals:
- Register_globals does not have to be on for this issue.
- CVE ID(s):
- CVE-2018-8741
- Patch:
- view patch
- Credits:
- Florian Grunow
- This page last updated:
- 2018-04-04 00:00:00
|
