漏洞标题
N/A
漏洞描述信息
SquirrelMail 1.4.6 和更早版本,如果启用了 register_globals,允许远程攻击者通过未知路径窃取 src/redirect.php 中的cookie。请注意:虽然 "cookie theft" 经常与 XSS 相关联,但 vendor 披露过于模糊,无法确保这一点。
CVSS信息
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
漏洞类别
N/A
漏洞标题
N/A
漏洞描述信息
SquirrelMail 1.4.6 and earlier, with register_globals enabled, allows remote attackers to hijack cookies in src/redirect.php via unknown vectors. NOTE: while "cookie theft" is frequently associated with XSS, the vendor disclosure is too vague to be certain of this.
CVSS信息
N/A
漏洞类别
N/A
漏洞标题
SquirrelMail 'register_globals'未知劫持COOKIES漏洞
漏洞描述信息
SquirrelMail 1.4.6和更早版本register_globals启用时候,允许远程攻击者在redirect.php利用未知向量劫持COOKIES.
CVSS信息
N/A
漏洞类别
授权问题