Vulnerabilities > Squirrelmail > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-06-20 | CVE-2020-14933 | Deserialization of Untrusted Data vulnerability in Squirrelmail 1.4.22: compose.php in SquirrelMail 1.4.22 calls unserialize for the $attachments value, which originates from an HTTP POST request. | 8.8 |
2020-02-13 | CVE-2012-5623 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in Squirrelmail Change Passwd 4.0: Squirrelmail 4.0 uses the outdated MD5 hash algorithm for passwords. | 7.5 |
2018-03-17 | CVE-2018-8741 | Path Traversal vulnerability in multiple products: A directory traversal flaw in SquirrelMail 1.4.22 allows an authenticated attacker to exfiltrate (or potentially delete) files from the hosting server, related to ../ in the att_local_name field in Deliver.class.php. | 8.8 |
2017-04-20 | CVE-2017-7692 | Improper Input Validation vulnerability in Squirrelmail 1.4.22: SquirrelMail 1.4.22 (and other versions before 20170427_0200-SVN) allows post-authentication remote code execution via a sendmail.cf file that is mishandled in a popen call. | 8.8 |