SquirrelMail < 1.4.8 Local File Inclusion

Medium

Synopsis

The remote host is vulnerable to a remote 'file include' flaw.

Description

The remote host is running SquirrelMail, a web-based email client. This version of SquirrelMail is vulnerable to a 'file include' flaw in the redirect.php script. An attacker exploiting this flaw would be able to execute local commands, which can lead to the reading, writing or deletion of critical data. To exploit this flaw, the attacker only needs to be able to send web requests to the server.

Solution

Upgrade to version 1.4.8 or higher.