Squirrelmail CVE-2017-7692 Command Injection Vulnerability
Description: SquirrelMail versions 1.4.22 and below are vulnerable to a command-line argument injection exploit that could allow arbitrary code execution if $edit_identity and $useSendmail are enabled and user has knowledge of the location and permissions on the SquirrelMail attachment directory.
Impact: Successful exploit allows an attacker to inject and execute arbitrary commands in context of the affected application. Squirrelmail version 1.4.22 and prior are vulnerable.
Mitigation: Updates are available. Please check specific vendor advisory for more information.
Press release April 2023: Situational Security Alerts from CIRT
21 Apr 2023 - Articles, English articles, News, Notice, Security Advisories & Alerts
Security Best Practices
29 Mar 2023 - Security Advisories & Alerts