Family: CGI abuses --> Category: attack
SquirrelMail session_expired_post Arbitrary Variables Overwriting Vulnerability Vulnerability Scan
Vulnerability Scan Summary
Tries to overwrite a variable in SquirrelMail
Detailed Explanation for this Vulnerability Test
The remote webmail application suffers from a data modification
The installed version of SquirrelMail allows for restoring expired
sessions in an unsafe manner. Using a specially-crafted expired
session, a user can leverage this issue to take control of arbitrary
variables used by the affected application, which can lead to other
attacks against the system, such as reading or writing of arbitrary
files on the system.
See also :
Apply the patch referenced in the vendor advisory above or upgrade to
SquirrelMail version 1.4.8 or later.
Medium / CVSS Base Score : 4.7