This is nuts
Updated Security researchers have uncovered a critical security hole in SquirrelMail, the open-source webmail project. Filippo Cavallarin and Dawid Golunski independently discovered a remote code execution hole in SquirrelMail version 1.4.22 and likely prior. That's the latest version, by the way, and is dated July 2011. The bug is a classic failure to sanitize user input, a shortcoming that makes it possible for authenticated attackers to execute arbitrary and malicious shell commands on a remo...