CVE-2006-2842 : Detail

PHP remote file inclusion vulnerability in functions/plugin.php in SquirrelMail 1.4.6 and earlier, if register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary PHP code via a URL in the plugins array parameter. NOTE: this issue has been disputed by third parties, who state that Squirrelmail provides prominent warnings to the administrator when register_globals is enabled. Since the varieties of administrator negligence are uncountable, perhaps this type of issue should not be included in CVE. However, the original developer has posted a security advisory, so there might be relevant real-world environments under which this vulnerability is applicable

Metrics

EPSS

EPSS Score

EPSS Percentile

Exploit information

Exploit Database EDB-ID : 27948

Publication date : 2006-06-01 22h00 +00:00
Author : brokejunker
EDB Verified : Yes

Products Mentioned

Configuraton 0

Squirrelmail>>Squirrelmail >> Version To (including) 1.4.6

Squirrelmail>>Squirrelmail >> Version 1.0.4

Squirrelmail>>Squirrelmail >> Version 1.0.5

Squirrelmail>>Squirrelmail >> Version 1.2.0

Squirrelmail>>Squirrelmail >> Version 1.2.1

Squirrelmail>>Squirrelmail >> Version 1.2.2

Squirrelmail>>Squirrelmail >> Version 1.2.3

Squirrelmail>>Squirrelmail >> Version 1.2.4

Squirrelmail>>Squirrelmail >> Version 1.2.5

Squirrelmail>>Squirrelmail >> Version 1.2.6

Squirrelmail>>Squirrelmail >> Version 1.2.7

Squirrelmail>>Squirrelmail >> Version 1.2.8

Squirrelmail>>Squirrelmail >> Version 1.2.9

Squirrelmail>>Squirrelmail >> Version 1.2.10

Squirrelmail>>Squirrelmail >> Version 1.2.11

Squirrelmail>>Squirrelmail >> Version 1.4

Squirrelmail>>Squirrelmail >> Version 1.4.0

Squirrelmail>>Squirrelmail >> Version 1.4.1

Squirrelmail>>Squirrelmail >> Version 1.4.2

Squirrelmail>>Squirrelmail >> Version 1.4.3

Squirrelmail>>Squirrelmail >> Version 1.4.3_r3

Squirrelmail>>Squirrelmail >> Version 1.4.3_rc1

Squirrelmail>>Squirrelmail >> Version 1.4.3a

Squirrelmail>>Squirrelmail >> Version 1.4.4

Squirrelmail>>Squirrelmail >> Version 1.4.4_rc1

Squirrelmail>>Squirrelmail >> Version 1.4.5

Squirrelmail>>Squirrelmail >> Version 1.4.6_rc1

References