CVE-2007-6348

SquirrelMail 1.4.11 and 1.4.12, as distributed on sourceforge.net before 20071213, has been externally modified to create a Trojan Horse that introduces a PHP remote file inclusion vulnerability, which allows remote attackers to execute arbitrary code.

Published: Dec 14, 2007
Updated: Apr 13, 2023
CVE: CVE-2007-6348
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P

CWEs:

CWE-94

Affected Software
References

Software	From	Fixed in
squirrelmail / squirrelmail	1.4.12	1.4.12.x
squirrelmail / squirrelmail	1.4.11	1.4.11.x

http://marc.info/?l=bugtraq&m=119765643909825&w=2
http://marc.info/?l=squirrelmail-devel&m=119756462212214&w=2
http://marc.info/?l=squirrelmail-devel&m=119765235203392&w=2
http://osvdb.org/42633
http://secunia.com/advisories/28095
http://www.securityfocus.com/archive/1/485037/100/0/threaded
http://www.squirrelmail.org/index.php

Vulnerability Database

289,697

CVE-2007-6348