SquirrelMail < 1.4.4 decodeHeader HTML Injection
Medium Nessus Network Monitor Plugin ID 2401
Synopsis: The remote host allows attackers to bypass user authentication.
Description: The remote host is running SquirrelMail, a webmail system written in PHP. Versions of SquirrelMail prior to 1.4.4 are affected by an email HTML injection vulnerability. A remote attacker can exploit this flaw to gain access to users' accounts.
Solution: Upgrade to SquirrelMail 1.4.4 or higher.