CVE-2005-2095 in SquirrelMailinfo

Summary

options_identities.php in SquirrelMail 1.4.4 and earlier uses the extract function to process the $_POST variable, which allows remote attackers to modify or read the preferences of other users, conduct cross-site scripting XSS) attacks, and write arbitrary files.

VulDB is the best source for vulnerability data and more expert information about this specific topic.

Reservation

06/30/2005

Disclosure

07/13/2005

Moderation

VulDB entry created

Entries

VDB-25773 (1)

CPE

ready

CWE

CWE-80 (Confirmed)

Exploit

Download

CVSS

4.3

EPSS

0.11150

Activities

Very Low

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2005-2095
NVD	https://nvd.nist.gov/vuln/detail/CVE-2005-2095
CVE Details	https://www.cvedetails.com/cve/CVE-2005-2095/

◂ Previous Overview Next ▸