SquirrelMail < 1.4.18 Multiple Vulnerabilities
High Nessus Network Monitor Plugin ID 5037
Synopsis
The remote host is vulnerable to multiple attack vectors.
Description
The remote host is running SquirrelMail, a web-based email client. The installed version of SquirrelMail is affected by multiple vulnerabilities:
- Multiple cross-site scripting vulnerabilities.
- A code-injection vulnerability affects the 'map_yp_alias' function, which an attacker could exploit to execute arbitrary code subject to the privileges of the web server.
- Multiple session-fixation issues could allow an attacker to steal an unsuspecting user's session.
Solution
Upgrade to SquirrelMail 1.4.18 or newer.