CVE-2001-1159

Sažetak

load_prefs.php and supporting include files in SquirrelMail 1.0.4 and earlier do not properly initialize certain PHP variables, which allows remote attackers to (1) view sensitive files via the config_php and data_dir options, and (2) execute arbitrary code by using options_order.php to upload a message that could be interpreted as PHP.

Reference

http://archives.neohapsis.com/archives/bugtraq/2001-07/0029.html
http://www.iss.net/security_center/static/6775.php
http://www.securityfocus.com/bid/2968
http://www.squirrelmail.org/changelog.php

CVSS

Base:	7.5
Impact:	6.4
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:L/Au:N/C:P/I:P/A:P

Zadnje važnije ažuriranje

05-09-2008 - 20:25

Objavljeno

02-07-2001 - 04:00