SquirrelMail  
Donations
News
About
Support
Security
Screen shots
Download
Plugins
Documentation
Sponsors
Bounties





Junk Email Filter






Security Notice
Phishing campain
Version 1.4.15
Security Upgrade

Security

INVALID: Insecure use of unserialize() with untrusted input

Date:
2021-10-15
Description:
SquirrelMail uses PHP's unserialize() in a couple places to decode untrusted data from the browser. In some cases, unserialize() can be exploited to make PHP do things on behalf of an attacker that it should not. However, the mechanisms it needs to do so are all absent from SquirrelMail. There is no such vulnerability in SquirrelMail that we know of.
Affected Versions:
None
Register Globals:
Register_globals does not have to be on for this issue.
CVE ID(s):
CVE-2020-14933
Patch:
n/a
Credits:
This page last updated:
2021-10-15 00:00:00
© 1999-2016 by The SquirrelMail Project Team