- Description
- SquirrelMail 1.4.11 and 1.4.12, as distributed on sourceforge.net before 20071213, has been externally modified to create a Trojan Horse that introduces a PHP remote file inclusion vulnerability, which allows remote attackers to execute arbitrary code.
- Source
- secalert@redhat.com
- NVD status
- Modified
CVSS 2.0
- Type
- Primary
- Base score
- 6.8
- Impact score
- 6.4
- Exploitability score
- 8.6
- Vector string
- AV:N/AC:M/Au:N/C:P/I:P/A:P
- nvd@nist.gov
- CWE-94
- Hype score
- Not currently trending
- Red HatThe versions of SquirrelMail packages shipped in Red Hat Enterprise Linux 3, 4, and 5 were not affected by this issue. In addition, the Red Hat Security Response Team have verified that the malicious code is not part of released Red Hat Enterprise Linux squirrelmail packages.
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.11:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "682BC5E2-F2C5-4B6F-8EF0-E05152BB9B12"
},
{
"criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.12:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "ABC24558-B7C1-4DE7-BC24-AF092DF0DE97"
}
],
"operator": "OR"
}
]
}
]