FreeBSD : squirrelmail -- _$POST variable handling allows for various attacks (7d52081f-2795-11da-bc01-000e0c2e438a)
Medium Nessus Plugin ID 21456
Synopsis
The remote FreeBSD host is missing one or more security-related updates.
Description
A Squirrelmail Advisory reports:
An extract($_POST) was done in options_identities.php which allowed for an attacker to set random variables in that file. This could lead to the reading (and possible writing) of other people's preferences, cross site scripting or writing files in webserver-writable locations.
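The pattern the advisory describes, as an added PHP illustration that is not SquirrelMail's code or part of the advisory: a handler that calls extract() on request data lets a POST field replace a variable the script already set, while the hardened form reads only named fields. The function names, field names and sample request are hypothetical.

```php
<?php
// Added illustration: hypothetical handler, not SquirrelMail's code.
// $username stands for the identity taken from the authenticated session.

// Before: extract() copies every POST key into the local scope, so a
// request field named "username" replaces the session-derived value.
function load_options_unsafe(array $post, string $username): array
{
    extract($post);                       // default flag is EXTR_OVERWRITE
    return ['owner' => $username, 'full_name' => $full_name ?? ''];
}

// After: read only the expected fields, by name, and validate each one.
function load_options_safe(array $post, string $username): array
{
    $allowed = ['full_name', 'email_address', 'reply_to'];  // assumed field names
    $clean = [];
    foreach ($allowed as $key) {
        $value = $post[$key] ?? '';
        // Text fields must be strings; arrays and other types are dropped.
        $clean[$key] = is_string($value) ? trim($value) : '';
    }
    return ['owner' => $username] + $clean;
}

// Constructed request body: one legitimate field plus a key that
// collides with an internal variable name.
$post = ['full_name' => 'Alice Example', 'username' => 'bob'];

$unsafe = load_options_unsafe($post, 'alice');
$safe   = load_options_safe($post, 'alice');

// The unsafe handler now acts on the request-supplied owner; the safe one
// keeps the session-derived owner and ignores the unexpected key.
echo "unsafe owner: {$unsafe['owner']}\n";
echo "safe owner:   {$safe['owner']}\n";
```

When reviewing code for this class of bug, search for extract(), parse_str() with a single argument, and import_request_variables() applied to $_POST, $_GET or $_REQUEST.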
Solution
Update the affected packages.