
CVE-2018-8741

Published: 17 March 2018

A directory traversal flaw in SquirrelMail 1.4.22 allows an authenticated attacker to exfiltrate (or potentially delete) files from the hosting server, related to ../ in the att_local_name field in Deliver.class.php.

Priority

Medium

CVSS 3 base score: 8.8

Status

Package: squirrelmail (Launchpad, Ubuntu, Debian)

| Release | Status |
|---|---|
| artful | Does not exist |
| bionic | Does not exist |
| cosmic | Does not exist |
| disco | Does not exist |
| precise | Does not exist |
| trusty | Does not exist (trusty was needs-triage) |
| upstream | Released (2:1.4.23~svn20120406-2+deb8u2) |
| xenial | Not vulnerable (2:1.4.23~svn20120406-2+deb8u2) |