CVE Vulnerabilities

CVE-2005-2095

Published: Jul 13, 2005 | Modified: Oct 11, 2017
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
4.3 MEDIUM
AV:N/AC:M/Au:N/C:P/I:N/A:N
RedHat/V2
RedHat/V3
Ubuntu

options_identities.php in SquirrelMail 1.4.4 and earlier uses the extract function to process the $_POST variable, which allows remote attackers to modify or read the preferences of other users, conduct cross-site scripting XSS) attacks, and write arbitrary files.

Affected Software

Name Vendor Start Version End Version
Squirrelmail Squirrelmail 1.0.4 1.0.4
Squirrelmail Squirrelmail 1.0.5 1.0.5
Squirrelmail Squirrelmail 1.2.0 1.2.0
Squirrelmail Squirrelmail 1.2.1 1.2.1
Squirrelmail Squirrelmail 1.2.2 1.2.2
Squirrelmail Squirrelmail 1.2.3 1.2.3
Squirrelmail Squirrelmail 1.2.4 1.2.4
Squirrelmail Squirrelmail 1.2.5 1.2.5
Squirrelmail Squirrelmail 1.2.6 1.2.6
Squirrelmail Squirrelmail 1.2.7 1.2.7
Squirrelmail Squirrelmail 1.2.8 1.2.8
Squirrelmail Squirrelmail 1.2.9 1.2.9
Squirrelmail Squirrelmail 1.2.10 1.2.10
Squirrelmail Squirrelmail 1.2.11 1.2.11
Squirrelmail Squirrelmail 1.4 1.4
Squirrelmail Squirrelmail 1.4.0 1.4.0
Squirrelmail Squirrelmail 1.4.1 1.4.1
Squirrelmail Squirrelmail 1.4.2 1.4.2
Squirrelmail Squirrelmail 1.4.3 1.4.3
Squirrelmail Squirrelmail 1.4.3_rc1 1.4.3_rc1
Squirrelmail Squirrelmail 1.4.3a 1.4.3a
Squirrelmail Squirrelmail 1.44 1.44

References