Family: CGI abuses --> Category: attack
SquirrelMail S/MIME Plug-in Remote Command Execution Vulnerability Scan
Vulnerability Scan Summary : Checks for a remote command execution vulnerability in the SquirrelMail S/MIME plug-in
Detailed Explanation for this Vulnerability Test
Synopsis :
The remote web server contains a PHP script that is prone to arbitrary
command execution attacks.
Description :
The S/MIME plug-in for SquirrelMail installed on the remote host does
not sanitize the 'cert' parameter used by the 'viewcert.php' script.
An authenticated user can exploit this flaw to execute system commands
remotely in the context of the web server.
See also :
http://www.idefense.com/application/poi/display?id=191&type=vulnerabilities
http://www.squirrelmail.org/test_view.php?id=54
Solution :
Upgrade to version 0.6 or later of the plug-in.
Threat Level:
Medium / CVSS Base Score : 4
(AV:R/AC:L/Au:R/C:P/A:P/I:P/B:N)