FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

squirrelmail -- plugin.php local file inclusion vulnerability

Affected packages
squirrelmail < 1.4.6_1

Details

VuXML ID 00784d6e-f4ce-11da-87a1-000c6ec775d9
Discovery 2006-06-01
Entry 2006-06-05
Modified 2006-06-06

The SquirrelMail Project Team reports:

A security issue has been uncovered in functions/plugin.php that could allow a remote user to access local files on the server without requiring login. This issue manifests itself if register_globals is enabled, and magic_quotes_gpc is disabled.

[source]

References

URL http://secunia.com/advisories/20406/
URL http://www.squirrelmail.org/security/issue/2006-06-01

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.