Family: CGI abuses --> Category: attack
SquirrelMail S/MIME Plug-in Remote Command Execution Vulnerability Scan
Vulnerability Scan Summary
Checks for remote command execution vulnerability in SquirrelMail S/MIME Plugin
Detailed Explanation for this Vulnerability Test
The remote web server contains a PHP script that is prone to arbitrary
command execution attacks.
The S/MIME plugin for SquirrelMail installed on the remote host does
not sanitize the 'cert' parameter used by the 'viewcert.php' script.
An authenticated user can exploit this flaw to execute system commands
remotely in the context of the web server.
Upgrade to version 0.6 or later of the plugin.
Medium / CVSS Base Score : 4