Homer
Well-known member
SquirrelMail is a feature rich webmail program implemented in the PHP4 language. It is available for Linux and Unix based operating systems. SquirrelMail allows for extended functionality through a plugin system.
The SquirrelSpell plugin for SquirrelMail may, if called directly, pass user supplied input to a shell command. If the input contains shell metacharacters, arbitary commands may be executed. Exploitation of this vulnerability may lead to local access as the non-privileged user 'nobody'.
vulnerable SquirrelMail SquirrelSpell 0.3.5
+ SquirrelMail SquirrelMail 1.2.3
Earlier versions of SquirrelSpell may share this vulnerability.
The SquirrelSpell plugin for SquirrelMail may, if called directly, pass user supplied input to a shell command. If the input contains shell metacharacters, arbitary commands may be executed. Exploitation of this vulnerability may lead to local access as the non-privileged user 'nobody'.
vulnerable SquirrelMail SquirrelSpell 0.3.5
+ SquirrelMail SquirrelMail 1.2.3
Earlier versions of SquirrelSpell may share this vulnerability.
