Back to search
CVE-2006-4169
Published: Jul 15, 2007
Modified: Aug 7, 2024
PUBLISHED
Description
Multiple directory traversal vulnerabilities in the G/PGP (GPG) Plugin 2.0, and 2.1dev before 20070614, for Squirrelmail allow remote authenticated users to include and execute arbitrary local files via a .. (dot dot) in the help parameter to (1) gpg_help.php or (2) gpg_help_base.php.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
26035
third-party-advisory
x_refsource_SECUNIA
26424
third-party-advisory
x_refsource_SECUNIA
20070711 SquirrelMail G/PGP Plugin gpg_help.php Local File Inclusion Vulnerability
third-party-advisory
x_refsource_IDEFENSE
37933
vdb-entry
x_refsource_OSVDB
37932
vdb-entry
x_refsource_OSVDB
24874
vdb-entry
x_refsource_BID
ADV-2007-2513
vdb-entry
x_refsource_VUPEN
GLSA-200708-08
vendor-advisory
x_refsource_GENTOO
squirrelmail-gpgp-help-file-include(35362)
vdb-entry
x_refsource_XF
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now