Update CVE-2006-2842.yaml

patch-1
Prince Chaddha 2022-07-06 14:40:20 +05:30 committed by GitHub
parent 1238c53587
commit 73d02ca8ee
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 2 additions and 2 deletions

View File

@ -4,7 +4,7 @@ info:
name: Squirrelmail <=1.4.6 - Local File Inclusion
author: dhiyaneshDk
severity: high
description: 'SquirrelMail 1.4.6 and earlier versions are susceptible to a PHP local file inclusion vulnerability in functions/plugin.php if register_globals is enabled and magic_quotes_gpc is disabled. This allows remote attackers to execute arbitrary PHP code via a URL in the plugins array parameter. NOTE: this issue has been disputed by third parties, who state that Squirrelmail provides prominent warnings to the administrator when register_globals is enabled. Since the varieties of administrator negligence are uncountable, perhaps this type of issue should not be included in CVE. However, the original developer has posted a security advisory, so there might be relevant real-world environments under which this vulnerability is applicable.'
description: SquirrelMail 1.4.6 and earlier versions are susceptible to a PHP local file inclusion vulnerability in functions/plugin.php if register_globals is enabled and magic_quotes_gpc is disabled. This allows remote attackers to execute arbitrary PHP code via a URL in the plugins array parameter. NOTE: this issue has been disputed by third parties, who state that Squirrelmail provides prominent warnings to the administrator when register_globals is enabled. Since the varieties of administrator negligence are uncountable, perhaps this type of issue should not be included in CVE. However, the original developer has posted a security advisory, so there might be relevant real-world environments under which this vulnerability is applicable.
reference:
- https://www.exploit-db.com/exploits/27948
- http://squirrelmail.cvs.sourceforge.net/squirrelmail/squirrelmail/functions/global.php?r1=1.27.2.16&r2=1.27.2.17&view=patch&pathrev=SM-1_4-STABLE
@ -13,7 +13,7 @@ info:
- https://nvd.nist.gov/vuln/detail/CVE-2006-2842
classification:
cve-id: CVE-2006-2842
tags: cve2006,lfi,squirrelmail,cve
tags: cve,cve2006,lfi,squirrelmail
requests:
- method: GET