SquirrelMail CVE-2017-7692 Command Injection Vulnerability
by CIRT Team
Description: SquirrelMail versions 1.4.22 and below are vulnerable to command-line argument injection that could allow arbitrary code execution if $edit_identity and $useSendmail are enabled and the user has knowledge of the location and permissions of the SquirrelMail attachment directory.
Impact: A successful exploit allows an attacker to inject and execute arbitrary commands in the context of the affected application. SquirrelMail versions 1.4.22 and prior are vulnerable.
Mitigation: Updates are available. Please check the specific vendor advisory for more information.
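To check an installation against the conditions named in the description, the following added example (not part of the original advisory and not SquirrelMail's own code) parses a config file for $useSendmail and $edit_identity and compares the installed version with 1.4.22. The function names, the assignment syntax it expects and the sample config are assumptions made for illustration; the attachment directory condition is not checked.

```python
import re

# Assumption: settings are plain PHP assignments such as "$useSendmail = true;".
ASSIGN = re.compile(r"^\s*\$(\w+)\s*=\s*(.+?)\s*;", re.M)
LAST_AFFECTED = (1, 4, 22)  # advisory: 1.4.22 and below are vulnerable

# Constructed sample config, not taken from a real deployment.
SAMPLE_CONFIG = """<?php
$useSendmail = true;
$edit_identity = true;
# $edit_identity = false;
"""


def php_assignments(text):
    """Return {name: value} for uncommented assignments; the last one wins."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)      # block comments
    text = re.sub(r"^\s*(//|#).*$", "", text, flags=re.M)  # comment lines
    return {m.group(1): m.group(2).strip("'\"") for m in ASSIGN.finditer(text)}


def is_true(raw):
    return raw is not None and raw.lower() in ("true", "1")


def version_tuple(raw):
    """'1.4.22' -> (1, 4, 22); None when no dotted version is present."""
    m = re.search(r"\d+(?:\.\d+)+", raw or "")
    return tuple(int(p) for p in m.group(0).split(".")) if m else None


def audit(config_text, version_string):
    """Report which of the advisory's preconditions hold for one install."""
    cfg = php_assignments(config_text)
    ver = version_tuple(version_string)
    findings = {
        # An unreadable version is treated as affected, to fail safe.
        "version_affected": ver is None or ver[:3] <= LAST_AFFECTED,
        "useSendmail": is_true(cfg.get("useSendmail")),
        "edit_identity": is_true(cfg.get("edit_identity")),
    }
    findings["exposed"] = all(findings.values())
    return findings


if __name__ == "__main__":
    print(audit(SAMPLE_CONFIG, "1.4.22"))
```

A setting missing from the file is reported as disabled, so confirm the defaults of the build in use. A distribution package that backported the fix without changing the version number will still be flagged and needs manual confirmation.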
26 Oct 2023 - Security Advisories & Alerts