diff --git a/cves/2006/CVE-2006-2842.yaml b/cves/2006/CVE-2006-2842.yaml index 89babc059c..91f4c6ccbf 100644 --- a/cves/2006/CVE-2006-2842.yaml +++ b/cves/2006/CVE-2006-2842.yaml @@ -4,7 +4,7 @@ info: name: Squirrelmail <=1.4.6 - Local File Inclusion author: dhiyaneshDk severity: high - description: 'SquirrelMail 1.4.6 and earlier versions are susceptible to a PHP local file inclusion vulnerability in functions/plugin.php if register_globals is enabled and magic_quotes_gpc is disabled. This allows remote attackers to execute arbitrary PHP code via a URL in the plugins array parameter. NOTE: this issue has been disputed by third parties, who state that Squirrelmail provides prominent warnings to the administrator when register_globals is enabled. Since the varieties of administrator negligence are uncountable, perhaps this type of issue should not be included in CVE. However, the original developer has posted a security advisory, so there might be relevant real-world environments under which this vulnerability is applicable.' + description: SquirrelMail 1.4.6 and earlier versions are susceptible to a PHP local file inclusion vulnerability in functions/plugin.php if register_globals is enabled and magic_quotes_gpc is disabled. This allows remote attackers to execute arbitrary PHP code via a URL in the plugins array parameter. NOTE: this issue has been disputed by third parties, who state that Squirrelmail provides prominent warnings to the administrator when register_globals is enabled. Since the varieties of administrator negligence are uncountable, perhaps this type of issue should not be included in CVE. However, the original developer has posted a security advisory, so there might be relevant real-world environments under which this vulnerability is applicable. reference: - https://www.exploit-db.com/exploits/27948 - http://squirrelmail.cvs.sourceforge.net/squirrelmail/squirrelmail/functions/global.php?r1=1.27.2.16&r2=1.27.2.17&view=patch&pathrev=SM-1_4-STABLE @@ -13,7 +13,7 @@ info: - https://nvd.nist.gov/vuln/detail/CVE-2006-2842 classification: cve-id: CVE-2006-2842 - tags: cve2006,lfi,squirrelmail,cve + tags: cve,cve2006,lfi,squirrelmail requests: - method: GET