CVE-2006-2842

** DISPUTED ** PHP remote file inclusion vulnerability in functions/plugin.php in SquirrelMail 1.4.6 and earlier, if register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary PHP code via a URL in the plugins array parameter. NOTE: this issue has been disputed by third parties, who state that Squirrelmail provides prominent warnings to the administrator when register_globals is enabled. Since the varieties of administrator negligence are uncountable, perhaps this type of issue should not be included in CVE. However, the original developer has posted a security advisory, so there might be relevant real-world environments under which this vulnerability is applicable.
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

OR cpe:2.3:a:squirrelmail:squirrelmail:1.0.4:*:*:*:*:*:*:*
cpe:2.3:a:squirrelmail:squirrelmail:1.0.5:*:*:*:*:*:*:*
cpe:2.3:a:squirrelmail:squirrelmail:1.2.4:*:*:*:*:*:*:*
cpe:2.3:a:squirrelmail:squirrelmail:1.2.5:*:*:*:*:*:*:*
cpe:2.3:a:squirrelmail:squirrelmail:1.2.6:*:*:*:*:*:*:*
cpe:2.3:a:squirrelmail:squirrelmail:1.4.2:*:*:*:*:*:*:*
cpe:2.3:a:squirrelmail:squirrelmail:1.4.3:*:*:*:*:*:*:*
cpe:2.3:a:squirrelmail:squirrelmail:1.4.6_rc1:*:*:*:*:*:*:*
cpe:2.3:a:squirrelmail:squirrelmail:*:*:*:*:*:*:*:*
cpe:2.3:a:squirrelmail:squirrelmail:1.2.2:*:*:*:*:*:*:*
cpe:2.3:a:squirrelmail:squirrelmail:1.2.3:*:*:*:*:*:*:*
cpe:2.3:a:squirrelmail:squirrelmail:1.4.3_r3:*:*:*:*:*:*:*
cpe:2.3:a:squirrelmail:squirrelmail:1.2.7:*:*:*:*:*:*:*
cpe:2.3:a:squirrelmail:squirrelmail:1.2.0:*:*:*:*:*:*:*
cpe:2.3:a:squirrelmail:squirrelmail:1.2.9:*:*:*:*:*:*:*
cpe:2.3:a:squirrelmail:squirrelmail:1.4.3_rc1:*:*:*:*:*:*:*
cpe:2.3:a:squirrelmail:squirrelmail:1.4.4_rc1:*:*:*:*:*:*:*
cpe:2.3:a:squirrelmail:squirrelmail:1.2.1:*:*:*:*:*:*:*
cpe:2.3:a:squirrelmail:squirrelmail:1.4.1:*:*:*:*:*:*:*
cpe:2.3:a:squirrelmail:squirrelmail:1.4.0:*:*:*:*:*:*:*
cpe:2.3:a:squirrelmail:squirrelmail:1.4:*:*:*:*:*:*:*
cpe:2.3:a:squirrelmail:squirrelmail:1.4.3a:*:*:*:*:*:*:*
cpe:2.3:a:squirrelmail:squirrelmail:1.4.4:*:*:*:*:*:*:*
cpe:2.3:a:squirrelmail:squirrelmail:1.2.10:*:*:*:*:*:*:*
cpe:2.3:a:squirrelmail:squirrelmail:1.2.8:*:*:*:*:*:*:*
cpe:2.3:a:squirrelmail:squirrelmail:1.2.11:*:*:*:*:*:*:*
cpe:2.3:a:squirrelmail:squirrelmail:1.4.5:*:*:*:*:*:*:*

Information

Published : 2006-06-06 13:06

Updated : 2018-10-18 09:43


NVD link : CVE-2006-2842

Mitre link : CVE-2006-2842


JSON object : View

Advertisement

dedicated server usa

Products Affected

squirrelmail

  • squirrelmail