load_prefs.php and supporting include files in SquirrelMail 1.0.4 and previous versions do not properly initialize certain PHP variables, which allows remote malicious users to (1) view sensitive files via the config_php and data_dir options, and (2) execute arbitrary code by using options_order.php to upload a message that could be interpreted as PHP.
| Vulnerable Product |
|---|
| squirrelmail squirrelmail 1.0.4 |
| squirrelmail squirrelmail 1.0.5 |