Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2007-6348

Overview

Vulnerability Score 6.8 6.8
CVE Id CVE-2007-6348
Last Modified 04 Sep 2013 01:33:47
Published 14 Dec 2007 02:46:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2007-6348

Summary

SquirrelMail 1.4.11 and 1.4.12, as distributed on sourceforge.net before 20071213, has been externally modified to create a Trojan Horse that introduces a PHP remote file inclusion vulnerability, which allows remote attackers to execute arbitrary code.

Vulnerable Systems

Application

  • Squirrelmail 1.4.11

  • Squirrelmail 1.4.12


References

CONFIRM - http://www.squirrelmail.org/index.php

BUGTRAQ - 20071213 SECURITY: 1.4.12 Package Compromise

SECUNIA - 28095

OSVDB - 42633

MLIST - [squirrelmail-devel] 20071214 Re: [SM-DEVEL] SECURITY: 1.4.12 Package Compromise

MLIST - [squirrelmail-devel] 20071213 [SM-DEVEL] SECURITY: 1.4.12 Package Compromise

BUGTRAQ - 20071214 ANNOUNCE: SquirrelMail 1.4.13 Released


Last Updated: 27 May 2016 10:46:28