SquirrelMail CVE-2017-7692 Command Injection Vulnerability

Description: SquirrelMail versions 1.4.22 and below are vulnerable to a command-line argument injection exploit that could allow arbitrary code execution if $edit_identity and $useSendmail are enabled and the user has knowledge of the location and permissions on the SquirrelMail attachment directory.

Impact: A successful exploit allows an attacker to inject and execute arbitrary commands in the context of the affected application. SquirrelMail versions 1.4.22 and prior are vulnerable.

Mitigation: Updates are available. Please check the specific vendor advisory for more information.
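
Exposure check: the script below is an added example, not part of the original advisory or of SquirrelMail's code. It reads the text of a config.php and reports whether the version and the two settings named in the description line up. It assumes settings are written as simple `$name = value;` assignments and that the installed version string is supplied by the caller; the sample config is constructed.

```python
import re

LAST_AFFECTED = (1, 4, 22)  # highest affected release per the advisory text
# Assumed config.php style: one `$name = value;` assignment per line.
ASSIGN = re.compile(r"^\s*\$(\w+)\s*=\s*(.+?)\s*;", re.M)

SAMPLE_CONFIG = """<?php
// constructed sample, not a real deployment
$useSendmail = true;
# $edit_identity = false;
$edit_identity = true;
"""

def php_settings(text):
    """Return {name: raw value} for simple assignments; the last one wins."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)      # block comments
    text = re.sub(r"^\s*(//|#).*$", "", text, flags=re.M)  # whole-line comments
    return {name: value for name, value in ASSIGN.findall(text)}

def is_enabled(raw):
    """Interpret a PHP literal as a boolean; missing or unknown counts as off."""
    return raw is not None and raw.strip("'\"").lower() in ("true", "1")

def parse_version(version):
    """Turn '1.4.22' or '1.4.23 [SVN]' into a comparable tuple."""
    m = re.match(r"(\d+)\.(\d+)\.(\d+)", version.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {version!r}")
    return tuple(int(part) for part in m.groups())

def assess(config_text, version):
    """Report which of the advisory's preconditions hold for one installation."""
    cfg = php_settings(config_text)
    result = {
        "affected_version": parse_version(version) <= LAST_AFFECTED,
        "useSendmail": is_enabled(cfg.get("useSendmail")),
        "edit_identity": is_enabled(cfg.get("edit_identity")),
    }
    # The attachment-directory precondition is not visible in these settings,
    # so "exposed" means the version and both settings match the advisory.
    result["exposed"] = all(result.values())
    return result

if __name__ == "__main__":
    for version in ("1.4.22", "1.4.23 [SVN]"):
        print(version, assess(SAMPLE_CONFIG, version))
```

If updating is delayed, a result with `exposed` set to true identifies the installations to prioritise.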
