
SquirrelMail < 1.4.5 Multiple Vulnerabilities

Medium

Synopsis

The remote host is vulnerable to multiple attack vectors.

Description

The remote host is running SquirrelMail, a webmail system written in PHP. The version of SquirrelMail installed on the remote host is prone to multiple flaws:

- Multiple Cross-Site Scripting Vulnerabilities - Using a specially-crafted URL or email message, an attacker may be able to exploit these flaws, stealing cookie-based session identifiers and thereby hijacking SquirrelMail sessions.
- Post Variable Handling Vulnerabilities - Using specially-crafted POST requests, an attacker may be able to set arbitrary variables in the file 'options_identities.php', which could lead to accessing other users' preferences, cross-site scripting attacks, and writing to arbitrary files.

Solution

Upgrade to version 1.4.5 or higher.