CVE-2020-14932

Опубликовано: 20 июн. 2020

Источник: redhat

CVSS3: 6.3

EPSS Низкий

Описание

compose.php in SquirrelMail 1.4.22 calls unserialize for the $mailtodata value, which originates from an HTTP GET request. This is related to mailto.php.

An unsafe deserialization vulnerability was found in SquirrelMail. This flaw allows an authenticated user to craft malicious form data when submitting mail.

Затронутые пакеты

Платформа	Пакет	Состояние	Рекомендация	Релиз
Red Hat Enterprise Linux 5	squirrelmail	Out of support scope

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

Дефект:

CWE-676

https://bugzilla.redhat.com/show_bug.cgi?id=1850180squirrelmail: use of unserialize function for the mailtodata value in compose.php

EPSS

Процентиль: 64%

0.00468

Низкий

6.3 Medium

CVSS3

Связанные уязвимости

CVE-2020-14932

CVSS3: 9.8

ubuntu

больше 5 лет назад

compose.php in SquirrelMail 1.4.22 calls unserialize for the $mailtodata value, which originates from an HTTP GET request. This is related to mailto.php.

CVE-2020-14932

CVSS3: 9.8

nvd

больше 5 лет назад

compose.php in SquirrelMail 1.4.22 calls unserialize for the $mailtodata value, which originates from an HTTP GET request. This is related to mailto.php.

CVE-2020-14932

CVSS3: 9.8

debian

больше 5 лет назад

compose.php in SquirrelMail 1.4.22 calls unserialize for the $mailtoda ...

GHSA-96wg-f4w5-jcvj

github

больше 3 лет назад

compose.php in SquirrelMail 1.4.22 calls unserialize for the $mailtodata value, which originates from an HTTP GET request. This is related to mailto.php.

EPSS

Процентиль: 64%

0.00468

Низкий

6.3 Medium

CVSS3