Description** DISPUTED ** PHP remote file inclusion vulnerability in functions/plugin.php in SquirrelMail 1.4.6 and earlier, if register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary PHP code via a URL in the plugins array parameter. NOTE: this issue has been disputed by third parties, who state that Squirrelmail provides prominent warnings to the administrator when register_globals is enabled. Since the varieties of administrator negligence are uncountable, perhaps this type of issue should not be included in CVE. However, the original developer has posted a security advisory, so there might be relevant real-world environments under which this vulnerability is applicable.
Overall state of this security issue: Resolved
This issue is currently rated as having important severity.
|National Vulnerability Database|
SUSE Security Advisories:
- SUSE-SR:2006:017, published Fri, 21 Jul 2006 17:00:00 +0000
SUSE Timeline for this CVECVE page created: Fri Jun 28 03:07:53 2013
CVE page last modified: Fri Oct 7 12:45:33 2022