SquirrelMail < 1.4.18 Multiple Vulnerabilities

High

Synopsis

The remote host is vulnerable to multiple attack vectors.

Description

The remote host is running SquirrelMail, a web-based email client. The installed version of SquirrelMail is affected by multiple vulnerabilities:

- Multiple cross-site scripting vulnerabilities.

- A code-injection vulnerability affects the 'map_yp_alias' function, which an attacker could exploit to execute arbitrary code with the privileges of the web server.

- Multiple session-fixation issues could allow an attacker to steal an unsuspecting user's session.

Solution

Upgrade to SquirrelMail 1.4.18 or newer.