Vulnerabilities > CVE-2002-0516 - Remote Command Execution vulnerability in SquirrelMail Theme

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

COMPLETE

Integrity impact

COMPLETE

Availability impact

COMPLETE

network

low complexity

critical

exploit available

NVD

Published: 2002-08-12

Updated: 2008-09-05

Summary

SquirrelMail 1.2.5 and earlier allows authenticated SquirrelMail users to execute arbitrary commands by modifying the THEME variable in a cookie.

Part	Description	Count
Application	Squirrelmail Squirrelmail Squirrelmail 1.2.0 Squirrelmail Squirrelmail 1.2.1 Squirrelmail Squirrelmail 1.2.2 Squirrelmail Squirrelmail 1.2.3 Squirrelmail Squirrelmail 1.2.4 Squirrelmail Squirrelmail 1.2.5	6

description	SquirrelMail 1.2.x Theme Remote Command Execution Vulnerability. CVE-2002-0516 . Webapps exploit for php platform
id	EDB-ID:21358
last seen	2016-02-02
modified	2002-03-28
published	2002-03-28
reporter	pokleyzz sakamaniaka
source	https://www.exploit-db.com/download/21358/
title	SquirrelMail 1.2.x Theme Remote Command Execution Vulnerability