SquirrelMail Multiple Remote Vulnerabilities

high Nessus Plugin ID 11753

Synopsis

The remote service is vulnerable to information disclosure.

Description

The remote host is running SquirrelMail, a web-based mail server.

There is a flaw in the remote installation that could allow an attacker with a valid webmail account to read, move and delete arbitrary files on this server, with the privileges of the HTTP server.

Solution

Upgrade to SquirrelMail 1.2.12 when it is available.

See Also

https://seclists.org/bugtraq/2003/Jun/191

Plugin Details

Severity: High

ID: 11753

File Name: squirremail_multiple_flaws.nasl

Version: 1.22

Type: remote

Family: CGI abuses

Published: 6/18/2003

Updated: 1/19/2021

Supported Sensors: Nessus

Risk Information

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 5.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

Required KB Items: www/PHP

Excluded KB Items: Settings/disable_cgi_scanning

Exploit Available: true

Exploit Ease: No exploit is required

Reference Information

BID: 7952