Squirrelmail
By the Year
In 2024 there have been 0 vulnerabilities in Squirrelmail . Squirrelmail did not have any published security vulnerabilities last year.
Year | Vulnerabilities | Average Score |
---|---|---|
2024 | 0 | 0.00 |
2023 | 0 | 0.00 |
2022 | 0 | 0.00 |
2021 | 0 | 0.00 |
2020 | 2 | 9.30 |
2019 | 1 | 6.10 |
2018 | 7 | 6.49 |
It may take a day or so for new Squirrelmail vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Squirrelmail Security Vulnerabilities
compose.php in SquirrelMail 1.4.22 calls unserialize for the $mailtodata value, which originates from an HTTP GET request
CVE-2020-14932
9.8 - Critical
- June 20, 2020
compose.php in SquirrelMail 1.4.22 calls unserialize for the $mailtodata value, which originates from an HTTP GET request. This is related to mailto.php.
Marshaling, Unmarshaling
compose.php in SquirrelMail 1.4.22 calls unserialize for the $attachments value, which originates from an HTTP POST request
CVE-2020-14933
8.8 - High
- June 20, 2020
compose.php in SquirrelMail 1.4.22 calls unserialize for the $attachments value, which originates from an HTTP POST request. NOTE: the vendor disputes this because these two conditions for PHP object injection are not satisfied: existence of a PHP magic method (such as __wakeup or __destruct), and any attack-relevant classes must be declared before unserialize is called (or must be autoloaded).
Marshaling, Unmarshaling
XSS was discovered in SquirrelMail through 1.4.22 and 1.5.x through 1.5.2
CVE-2019-12970
6.1 - Medium
- July 01, 2019
XSS was discovered in SquirrelMail through 1.4.22 and 1.5.x through 1.5.2. Due to improper handling of RCDATA and RAWTEXT type elements, the built-in sanitization mechanism can be bypassed. Malicious script content from HTML e-mail can be executed within the application context via crafted use of (for example) a NOEMBED, NOFRAMES, NOSCRIPT, or TEXTAREA element.
XSS
The mail message display page in SquirrelMail through 1.4.22 has XSS
CVE-2018-14950
6.1 - Medium
- August 05, 2018
The mail message display page in SquirrelMail through 1.4.22 has XSS via a "<svg><a xlink:href=" attack.
XSS
The mail message display page in SquirrelMail through 1.4.22 has XSS
CVE-2018-14951
6.1 - Medium
- August 05, 2018
The mail message display page in SquirrelMail through 1.4.22 has XSS via a "<form action='data:text" attack.
XSS
The mail message display page in SquirrelMail through 1.4.22 has XSS
CVE-2018-14952
6.1 - Medium
- August 05, 2018
The mail message display page in SquirrelMail through 1.4.22 has XSS via a "<math><maction xlink:href=" attack.
XSS
The mail message display page in SquirrelMail through 1.4.22 has XSS
CVE-2018-14953
6.1 - Medium
- August 05, 2018
The mail message display page in SquirrelMail through 1.4.22 has XSS via a "<math xlink:href=" attack.
XSS
The mail message display page in SquirrelMail through 1.4.22 has XSS
CVE-2018-14954
6.1 - Medium
- August 05, 2018
The mail message display page in SquirrelMail through 1.4.22 has XSS via the formaction attribute.
XSS
The mail message display page in SquirrelMail through 1.4.22 has XSS
CVE-2018-14955
6.1 - Medium
- August 05, 2018
The mail message display page in SquirrelMail through 1.4.22 has XSS via SVG animations (animate to attribute).
XSS
A directory traversal flaw in SquirrelMail 1.4.22
CVE-2018-8741
8.8 - High
- March 17, 2018
A directory traversal flaw in SquirrelMail 1.4.22 allows an authenticated attacker to exfiltrate (or potentially delete) files from the hosting server, related to ../ in the att_local_name field in Deliver.class.php.
Directory traversal
functions/imap_general.php in SquirrelMail, as used in Red Hat Enterprise Linux (RHEL) 4 and 5, does not properly handle 8-bit characters in passwords, which
CVE-2012-2124
- January 18, 2013
functions/imap_general.php in SquirrelMail, as used in Red Hat Enterprise Linux (RHEL) 4 and 5, does not properly handle 8-bit characters in passwords, which allows remote attackers to cause a denial of service (disk consumption) by making many IMAP login attempts with different usernames, leading to the creation of many preference files. NOTE: this issue exists because of an incorrect fix for CVE-2010-2813.
Resource Management Errors
The Mail Fetch plugin in SquirrelMail 1.4.20 and earlier
CVE-2010-1637
6.5 - Medium
- June 22, 2010
The Mail Fetch plugin in SquirrelMail 1.4.20 and earlier allows remote authenticated users to bypass firewall restrictions and use SquirrelMail as a proxy to scan internal networks via a modified POP3 port number.
XSPA
The map_yp_alias function in functions/imap_general.php in SquirrelMail before 1.4.19-1 on Debian GNU/Linux, and possibly other operating systems and versions, allows remote attackers to execute arbitrary commands via shell metacharacters in a username string
CVE-2009-1381
- May 22, 2009
The map_yp_alias function in functions/imap_general.php in SquirrelMail before 1.4.19-1 on Debian GNU/Linux, and possibly other operating systems and versions, allows remote attackers to execute arbitrary commands via shell metacharacters in a username string that is used by the ypmatch program. NOTE: this issue exists because of an incomplete fix for CVE-2009-1579.
A certain Red Hat patch for SquirrelMail 1.4.8 sets the same SQMSESSID cookie value for all sessions, which
CVE-2009-0030
- January 21, 2009
A certain Red Hat patch for SquirrelMail 1.4.8 sets the same SQMSESSID cookie value for all sessions, which allows remote authenticated users to access other users' folder lists and configuration data in opportunistic circumstances by using the standard webmail.php interface. NOTE: this vulnerability exists because of an incorrect fix for CVE-2008-3663.
authentification
PHP remote file inclusion vulnerability in functions/plugin.php in SquirrelMail 1.4.6 and earlier, if register_globals is enabled and magic_quotes_gpc is disabled
CVE-2006-2842
- June 06, 2006
PHP remote file inclusion vulnerability in functions/plugin.php in SquirrelMail 1.4.6 and earlier, if register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary PHP code via a URL in the plugins array parameter. NOTE: this issue has been disputed by third parties, who state that Squirrelmail provides prominent warnings to the administrator when register_globals is enabled. Since the varieties of administrator negligence are uncountable, perhaps this type of issue should not be included in CVE. However, the original developer has posted a security advisory, so there might be relevant real-world environments under which this vulnerability is applicable
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Squirrelmail or by Squirrelmail? Click the Watch button to subscribe.