CVE-2006-3665 in SquirrelMailinfo

Summary

SquirrelMail 1.4.6 and earlier, with register_globals enabled, allows remote attackers to hijack cookies in src/redirect.php via unknown vectors. NOTE: while "cookie theft" is frequently associated with XSS, the vendor disclosure is too vague to be certain of this.

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

Responsible

Reservation

07/17/2006

Disclosure

07/18/2006

Moderation

VulDB entry created

Entries

VDB-31362

CPE

ready

CWE

CWE-80 (Confirmed)

CVSS

4.3

EPSS

0.00342

Activities

Very Low

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2006-3665
NVD	https://nvd.nist.gov/vuln/detail/CVE-2006-3665
CVE Details	https://www.cvedetails.com/cve/CVE-2006-3665/

◂ Previous Overview Next ▸

Do you need the next level of professionalism?

Upgrade your account now!