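Vulnerability Title
N/A
Vulnerability Description
**DISPUTED** PHP remote file inclusion vulnerability in functions/plugin.php in SquirrelMail 1.4.6 and earlier, when register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary PHP code via a URL in the plugins array parameter. NOTE: this issue has been disputed by third parties, who state that Squirrelmail gives the administrator prominent warnings when register_globals is enabled. Since the varieties of administrator negligence are uncountable, perhaps this type of issue should not be included in CVE. However, the original developer has posted a security advisory, so there might be relevant real-world environments in which this vulnerability applies.
CVSS Information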
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Vulnerability Category
N/A
Vulnerability Title
N/A
Vulnerability Description
PHP remote file inclusion vulnerability in functions/plugin.php in SquirrelMail 1.4.6 and earlier, if register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary PHP code via a URL in the plugins array parameter. NOTE: this issue has been disputed by third parties, who state that Squirrelmail provides prominent warnings to the administrator when register_globals is enabled. Since the varieties of administrator negligence are uncountable, perhaps this type of issue should not be included in CVE. However, the original developer has posted a security advisory, so there might be relevant real-world environments under which this vulnerability is applicable.
CVSS Information
N/A
Vulnerability Category
N/A
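Vulnerability Title
Squirrelmail plugin.php PHP remote file inclusion vulnerability
Vulnerability Description
SquirrelMail is a full-featured webmail program implemented in PHP4 that runs on Linux/Unix-like operating systems. A file inclusion vulnerability exists in the functions/plugin.php file of Squirrelmail 1.4.6. Remote attackers can execute arbitrary PHP code via a URL in the plugins array parameter. The relevant code is as follows:
    if (isset($plugins) && is_array($plugins)) {
        foreach ($plugins as $name) {
            use_plugin($name);
        }
    ... func
CVSS Information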
N/A
Vulnerability Category
Authorization issue