Back to search
CVE-2005-1924
Published: Jul 15, 2007
Modified: Aug 7, 2024
PUBLISHED
Description
The G/PGP (GPG) Plugin 2.1 and earlier for Squirrelmail allow remote authenticated users to execute arbitrary commands via shell metacharacters in (1) the fpr parameter to the deleteKey function in gpg_keyring.php, as called by (a) import_key_file.php, (b) import_key_text.php, and (c) keyring_main.php; and (2) the keyserver parameter to the gpg_recv_key function in gpg_key_functions.php, as called by gpg_options.php. NOTE: this issue may overlap CVE-2007-3636.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
squirrelmail-gpgp-keyfunc-command-execution(35364)
vdb-entry
x_refsource_XF
26035
third-party-advisory
x_refsource_SECUNIA
26424
third-party-advisory
x_refsource_SECUNIA
37924
vdb-entry
x_refsource_OSVDB
24874
vdb-entry
x_refsource_BID
20070711 SquirrelMail G/PGP Plugin gpg_recv_key() Command Injection Vulnerability
third-party-advisory
x_refsource_IDEFENSE
4173
exploit
x_refsource_EXPLOIT-DB
squirrelmail-gpgp-keyring-command-execution(35355)
vdb-entry
x_refsource_XF
ADV-2007-2513
vdb-entry
x_refsource_VUPEN
37923
vdb-entry
x_refsource_OSVDB
GLSA-200708-08
vendor-advisory
x_refsource_GENTOO
20070711 SquirrelMail G/PGP Plugin deleteKey() Command Injection Vulnerability
third-party-advisory
x_refsource_IDEFENSE
20070711 True: SquirrelMail G/PGP Encryption Plug-in 2.0 Command Execution Vuln
mailing-list
x_refsource_VIM
20070711 SquirrelMail G/PGP Encryption Plug-in Remote Command Execution Vulnerability
mailing-list
x_refsource_BUGTRAQ
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now