CVE-2020-14932

CRITICAL

9.8

CVSS Severity Score

EPSS Score0.0100%

EPSS Percentile19.36th

PublishedJun 20, 2020

Last ModifiedNov 21, 2024

Vulnerability Description

compose.php in SquirrelMail 1.4.22 calls unserialize for the $mailtodata value, which originates from an HTTP GET request. This is related to mailto.php.

Affected Platforms (CPE)

📦

Squirrelmail

= 1.4.22

References & Advisories

🔗 https://www.openwall.com/lists/oss-security/2020/06/20/1

Related Vulnerabilities

CVE-2004-052110.0

SQL injection vulnerability in SquirrelMail before 1.4.3 RC1 allows remote attackers to execute unauthorized SQL statements, with ...

CVE-2002-051610.0

SquirrelMail 1.2.5 and earlier allows authenticated SquirrelMail users to execute arbitrary commands by modifying the THEME variab...

CVE-2004-052410.0

Buffer overflow in the chpasswd command in the Change_passwd plugin before 4.0, as used in SquirrelMail, allows local users to gai...

CVE-2005-19249.3

The G/PGP (GPG) Plugin 2.1 and earlier for Squirrelmail allow remote authenticated users to execute arbitrary commands via shell m...