QwikSec

Security Database

CVE

CWE

Training

CVE Database
/

CVE-2006-2842

Back to search

CVE-2006-2842

Published: Jun 6, 2006

Modified: Aug 7, 2024

PUBLISHED

Description

PHP remote file inclusion vulnerability in functions/plugin.php in SquirrelMail 1.4.6 and earlier, if register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary PHP code via a URL in the plugins array parameter. NOTE: this issue has been disputed by third parties, who state that Squirrelmail provides prominent warnings to the administrator when register_globals is enabled. Since the varieties of administrator negligence are uncountable, perhaps this type of issue should not be included in CVE. However, the original developer has posted a security advisory, so there might be relevant real-world environments under which this vulnerability is applicable

VendorProductVersions

n/a

n/a

affected
n/a

References

SUSE-SR:2006:017
vendor-advisory
x_refsource_SUSE
ADV-2007-2732
vdb-entry
x_refsource_VUPEN
18231
vdb-entry
x_refsource_BID
APPLE-SA-2007-07-31
vendor-advisory
x_refsource_APPLE
20060601 Squirrelmail local file inclusion
mailing-list
x_refsource_BUGTRAQ
21262
third-party-advisory
x_refsource_SECUNIA
RHSA-2006:0547
vendor-advisory
x_refsource_REDHAT
20406
third-party-advisory
x_refsource_SECUNIA
1016209
vdb-entry
x_refsource_SECTRACK
ADV-2006-2101
vdb-entry
x_refsource_VUPEN
21159
third-party-advisory
x_refsource_SECUNIA
25159
vdb-entry
x_refsource_BID
MDKSA-2006:101
vendor-advisory
x_refsource_MANDRIVA
oval:org.mitre.oval:def:11670
vdb-entry
signature
x_refsource_OVAL
26235
third-party-advisory
x_refsource_SECUNIA
20931
third-party-advisory
x_refsource_SECUNIA

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now
CVE-2006-2842 - Security Vulnerability | QwikSec