A directory traversal flaw in SquirrelMail 1.4.22 allows an authenticated malicious user to exfiltrate (or potentially delete) files from the hosting server, related to ../ in the att_local_name field in Deliver.class.php.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
squirrelmail squirrelmail 1.4.22 |
||
debian debian linux 8.0 |
||
debian debian linux 7.0 |