The G/PGP (GPG) Plugin 2.0, and 2.1dev prior to 20060912, for Squirrelmail allows remote malicious users to execute arbitrary commands via shell metacharacters in the messageSignedText parameter to the gpg_check_sign_pgp_mime function in gpg_hook_functions.php. NOTE: a parameter value can be set in the contents of an e-mail message.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
squirrelmail gpg plugin 2.1_dev |
||
squirrelmail gpg plugin 2.0 |