CVE-2001-1159

Published: Jul 2, 2001Modified: Apr 16, 2026

7.5

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability: 10.0 / Impact: 6.4

Source: NVD

Description

load_prefs.php and supporting include files in SquirrelMail 1.0.4 and earlier do not properly initialize certain PHP variables, which allows remote attackers to (1) view sensitive files via the config_php and data_dir options, and (2) execute arbitrary code by using options_order.php to upload a message that could be interpreted as PHP.

Affected (2)

Products: Squirrelmail: Squirrelmail

1 product

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Squirrelmail Squirrelmail	Version 1.0.4
Squirrelmail Squirrelmail	Version 1.0.5

References (8)

http://archives.neohapsis.com/archives/bugtraq/2001-07/0029.html

Source: cve@mitre.org

PatchVendor Advisory

http://www.iss.net/security_center/static/6775.php

Source: cve@mitre.org

PatchVendor Advisory

http://www.securityfocus.com/bid/2968

Source: cve@mitre.org

PatchVendor Advisory

http://www.squirrelmail.org/changelog.php

Source: cve@mitre.org

http://archives.neohapsis.com/archives/bugtraq/2001-07/0029.html

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

http://www.iss.net/security_center/static/6775.php

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

http://www.securityfocus.com/bid/2968

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

http://www.squirrelmail.org/changelog.php

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.