CVE-2006-4019

Dynamic variable evaluation vulnerability in compose.php in SquirrelMail 1.4.0 to 1.4.7 allows remote attackers to overwrite arbitrary program variables and read or write the attachments and preferences of other users.

Published: Aug 11, 2006
Updated: Apr 13, 2023
CVE: CVE-2006-4019
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:N

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
squirrelmail / squirrelmail	1.4.2	1.4.2.x
squirrelmail / squirrelmail	1.4.6_rc1	1.4.6_rc1.x
squirrelmail / squirrelmail	1.4.3_r3	1.4.3_r3.x
squirrelmail / squirrelmail	1.4.6	1.4.6.x
squirrelmail / squirrelmail	1.4.7	1.4.7.x
squirrelmail / squirrelmail	1.4.3_rc1	1.4.3_rc1.x
squirrelmail / squirrelmail	1.4.4_rc1	1.4.4_rc1.x
squirrelmail / squirrelmail	1.4.3	1.4.3.x
squirrelmail / squirrelmail	1.4.1	1.4.1.x
squirrelmail / squirrelmail	1.4.0	1.4.0.x
squirrelmail / squirrelmail	1.44	1.44.x
squirrelmail / squirrelmail	1.4.3a	1.4.3a.x
squirrelmail / squirrelmail	1.4_rc1	1.4_rc1.x
squirrelmail / squirrelmail	1.4.4	1.4.4.x
squirrelmail / squirrelmail	1.4.5	1.4.5.x

Vulnerability Database

289,697

CVE-2006-4019