Описание
options_identities.php in SquirrelMail 1.4.4 and earlier uses the extract function to process the $_POST variable, which allows remote attackers to modify or read the preferences of other users, conduct cross-site scripting XSS) attacks, and write arbitrary files.
| Релиз | Статус | Примечание |
|---|---|---|
| dapper | released | 1.4.6-1ubuntu0.1 |
| devel | released | 1.4.10a-2 |
| edgy | released | 1.4.8-1ubuntu0.1 |
| feisty | released | 1.4.9a-1ubuntu0.1 |
| upstream | needs-triage |
Показывать по
Ссылки на источники
EPSS
4.3 Medium
CVSS2
Связанные уязвимости
options_identities.php in SquirrelMail 1.4.4 and earlier uses the extract function to process the $_POST variable, which allows remote attackers to modify or read the preferences of other users, conduct cross-site scripting XSS) attacks, and write arbitrary files.
options_identities.php in SquirrelMail 1.4.4 and earlier uses the extract function to process the $_POST variable, which allows remote attackers to modify or read the preferences of other users, conduct cross-site scripting XSS) attacks, and write arbitrary files.
options_identities.php in SquirrelMail 1.4.4 and earlier uses the extr ...
options_identities.php in SquirrelMail 1.4.4 and earlier uses the extract function to process the $_POST variable, which allows remote attackers to modify or read the preferences of other users, conduct cross-site scripting XSS) attacks, and write arbitrary files.
EPSS
4.3 Medium
CVSS2