Back to search
CVE-2007-3778
Published: Jul 15, 2007
Modified: Aug 7, 2024
PUBLISHED
Description
The G/PGP (GPG) Plugin 2.0, and 2.1dev before 20060912, for Squirrelmail allows remote attackers to execute arbitrary commands via shell metacharacters in the messageSignedText parameter to the gpg_check_sign_pgp_mime function in gpg_hook_functions.php. NOTE: a parameter value can be set in the contents of an e-mail message.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
26035
third-party-advisory
x_refsource_SECUNIA
37931
vdb-entry
x_refsource_OSVDB
[dailydave] 20070709 SquirrelMail GPG Plugin vuln
mailing-list
x_refsource_MLIST
20070711 SquirrelMail G/PGP Plugin gpg_check_sign_pgp_mime() Command Injection Vulnerability
third-party-advisory
x_refsource_IDEFENSE
24874
vdb-entry
x_refsource_BID
20070710 SquirrelMail GPG Plugin Vulnerabilities
mailing-list
x_refsource_VIM
ADV-2007-2513
vdb-entry
x_refsource_VUPEN
[dailydave] 20070708 SquirrelMail GPG Plugin vuln
mailing-list
x_refsource_MLIST
squirrelmail-gpgp-hook-command-execution(35363)
vdb-entry
x_refsource_XF
20070711 True: SquirrelMail G/PGP Encryption Plug-in 2.0 Command Execution Vuln
mailing-list
x_refsource_VIM
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now