Synopsis
The remote webmail application allows execution of arbitrary code.
Description
The installed version of SquirrelMail fails to properly sanitize input to the '$username' variable in the 'map_yp_alias' function in 'functions/imap_general.php'. An unauthenticated, remote attacker can exploit this to execute arbitrary code with the privileges of the affected web server.
Note that several cross-site scripting vulnerabilities and a session fixation vulnerability have also been reported, though Nessus has not tested for these.
Solution
Upgrade to SquirrelMail 1.4.19 or later.