Multiple directory traversal vulnerabilities in the G/PGP (GPG) Plugin 2.0, and 2.1dev prior to 20070614, for Squirrelmail allow remote authenticated users to include and execute arbitrary local files via a .. (dot dot) in the help parameter to (1) gpg_help.php or (2) gpg_help_base.php.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
squirrelmail gpg plugin 2.0 |
||
squirrelmail gpg plugin 2.1_dev |