Vulnerabilities > CVE-2002-1650 - Remote Security vulnerability in Squirrelmail 1.2.2

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
low complexity
squirrelmail

Summary

The spell checker plugin (check_me.mod.php) for SquirrelMail before 1.2.3 allows remote attackers to execute arbitrary commands via a modified sqspell_command parameter.

Vulnerable Configurations

Part Description Count
Application
Squirrelmail
1

Statements

contributorMark J Cox
lastmodified2006-08-30
organizationRed Hat
statementNot vulnerable. This issue did not affect the versions of SquirrelMail as shipped with Red Hat Enterprise Linux 3 or 4.