CVE-2003-0990 - The parseAddress code in (1) SquirrelMail 1.4.0 and (2) GPG Plugin 1.1 allows remote attackers to ex

CVE-2003-0990

Summary

The parseAddress code in (1) SquirrelMail 1.4.0 and (2) GPG Plugin 1.1 allows remote attackers to execute commands via shell metacharacters in the "To:" field.

References

Vulnerable Configurations

cpe:2.3:a:squirrelmail:gpg_plugin:1.1:*:*:*:*:*:*:*
cpe:2.3:a:squirrelmail:gpg_plugin:1.1:*:*:*:*:*:*:*
cpe:2.3:a:squirrelmail:squirrelmail:1.4.0:*:*:*:*:*:*:*
cpe:2.3:a:squirrelmail:squirrelmail:1.4.0:*:*:*:*:*:*:*

CVSS

Base:	7.5 (as of 11-07-2017 - 01:29)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:P/A:P

refmap via4

bid	9296
bugtraq	20031224 Bugtraq Security Systems ADV-0001 20031226 Re: Reported Command Injection in Squirrelmail GPG
misc	http://www.bugtraq.org/advisories/_BSSADV-0001.txt
xf	squirrelmail-parseaddress-command-execution(14079)

Last major update

11-07-2017 - 01:29

Published

20-01-2004 - 05:00

Last modified

11-07-2017 - 01:29