VULHUB ™

SquirrelMail is a feature rich webmail program implemented in the PHP4 language. It is available for Linux and Unix based operating systems. SquirrelMail allows for extended functionality through a plugin system. The SquirrelSpell plugin for SquirrelMail may, if called directly, pass user supplied input to a shell command. If the input contains shell metacharacters, arbitary commands may be executed. Exploitation of this vulnerability may lead to local access as the non-privileged user 'nobody'. Earlier versions of SquirrelSpell may share this vulnerability.

SquirrelMail is a feature rich webmail program implemented in the PHP4 language. It is available for Linux and Unix based operating systems. SquirrelMail allows for extended functionality through a plugin system. The SquirrelSpell plugin for SquirrelMail may, if called directly, pass user supplied input to a shell command. If the input contains shell metacharacters, arbitary commands may be executed. Exploitation of this vulnerability may lead to local access as the non-privileged user 'nobody'. Earlier versions of SquirrelSpell may share this vulnerability.