Back to CVE Browser

CVE-2002-0516

CRITICAL

10.0

CVSS Severity Score

EPSS Score0.1470%

EPSS Percentile10.60th

PublishedAug 12, 2002

Last ModifiedApr 16, 2026

Vulnerability Description

SquirrelMail 1.2.5 and earlier allows authenticated SquirrelMail users to execute arbitrary commands by modifying the THEME variable in a cookie.

Affected Platforms (CPE)

📦

Squirrelmail

Squirrelmail

= 1.2.0

📦

Squirrelmail

Squirrelmail

= 1.2.1

📦

Squirrelmail

Squirrelmail

= 1.2.2

📦

Squirrelmail

Squirrelmail

= 1.2.3

📦

Squirrelmail

Squirrelmail

= 1.2.4

📦

Squirrelmail

Squirrelmail

= 1.2.5

References & Advisories

🔗 http://archives.neohapsis.com/archives/bugtraq/2002-03/0350.html

🔗 http://archives.neohapsis.com/archives/bugtraq/2002-03/0386.html

🔗 http://www.iss.net/security_center/static/8671.php

🔗 http://www.securityfocus.com/bid/4385

🔗 http://archives.neohapsis.com/archives/bugtraq/2002-03/0350.html

🔗 http://archives.neohapsis.com/archives/bugtraq/2002-03/0386.html

🔗 http://www.iss.net/security_center/static/8671.php

🔗 http://www.securityfocus.com/bid/4385

Related Vulnerabilities

CVE-2004-052410.0

Buffer overflow in the chpasswd command in the Change_passwd plugin before 4.0, as used in SquirrelMail, allows local users to gai...

CVE-2004-052110.0

SQL injection vulnerability in SquirrelMail before 1.4.3 RC1 allows remote attackers to execute unauthorized SQL statements, with ...

CVE-2020-149329.8

compose.php in SquirrelMail 1.4.22 calls unserialize for the $mailtodata value, which originates from an HTTP GET request. This is...

CVE-2005-19249.3

The G/PGP (GPG) Plugin 2.1 and earlier for Squirrelmail allow remote authenticated users to execute arbitrary commands via shell m...