Descriptionoptions_identities.php in SquirrelMail 1.4.4 and earlier uses the extract function to process the $_POST variable, which allows remote attackers to modify or read the preferences of other users, conduct cross-site scripting XSS) attacks, and write arbitrary files.
Overall state of this security issue: Resolved
This issue is currently rated as having moderate severity.
|National Vulnerability Database|
SUSE Security Advisories:
- SUSE-SR:2005:018, published Thu, 28 Jul 2005 13:00:00 +0000
SUSE Timeline for this CVECVE page created: Fri Jun 28 01:33:54 2013
CVE page last modified: Fri Oct 7 12:45:31 2022