SquirrelMail Compose.PHP信息泄露和数据修改漏洞

- AV AC AU C I A
发布: 2025-04-13
修订: 2025-04-13

SquirrelMail是一款基于PHP的WEB MAIL服务程序。 SquirrelMail不正确过滤用户提交的URI数据,远程攻击者可以利用漏洞获得敏感信息或覆盖系统文件。 验证用户可以使用compose.php脚本覆盖随计变量,可能导致读取或覆盖用户参考文件或附件。 SquirrelMail SquirrelMail 1.4.7 SquirrelMail SquirrelMail 1.4.6 -rc1 SquirrelMail SquirrelMail 1.4.6 -cvs SquirrelMail SquirrelMail 1.4.6 SquirrelMail SquirrelMail 1.4.4 RC1 SquirrelMail SquirrelMail 1.4.4 + Debian Linux 3.1 sparc + Debian Linux 3.1 s/390 + Debian Linux 3.1 ppc + Debian Linux 3.1 mipsel + Debian Linux 3.1 mips + Debian Linux 3.1 m68k + Debian Linux 3.1 ia-64 + Debian Linux 3.1 ia-32 + Debian Linux 3.1 hppa + Debian Linux 3.1 arm + Debian Linux 3.1 alpha + Debian Linux 3.1 + Gentoo Linux SquirrelMail SquirrelMail 1.4.3 RC1 SquirrelMail SquirrelMail 1.4.3 r3 + Gentoo Linux SquirrelMail SquirrelMail 1.4.3 a + Conectiva Linux 9.0 + RedHat Fedora Core3 SquirrelMail SquirrelMail 1.4.3 SquirrelMail SquirrelMail 1.4.3 SquirrelMail SquirrelMail 1.4.2 + MandrakeSoft Corporate Server 3.0 x86_64 + MandrakeSoft Corporate Server 3.0 + RedHat...

0%

漏洞利用/PoC

暂无可用Exp或PoC

受影响的平台与产品

当前有0条受影响产品信息