| ID |
CVE-2007-3778
|
| Summary |
The G/PGP (GPG) Plugin 2.0, and 2.1dev before 20060912, for Squirrelmail allows remote attackers to execute arbitrary commands via shell metacharacters in the messageSignedText parameter to the gpg_check_sign_pgp_mime function in gpg_hook_functions.php. NOTE: a parameter value can be set in the contents of an e-mail message. |
| References |
|
| Vulnerable Configurations |
|
| CVSS |
| Base: | 7.5 (as of 29-07-2017 - 01:32) |
| Impact: | |
| Exploitability: | |
|
| CWE |
NVD-CWE-Other |
| CAPEC |
|
| Access |
| Vector | Complexity | Authentication |
| NETWORK |
LOW |
NONE |
|
| Impact |
| Confidentiality | Integrity | Availability |
| PARTIAL |
PARTIAL |
PARTIAL |
|
| cvss-vector
via4
|
AV:N/AC:L/Au:N/C:P/I:P/A:P
|
| refmap
via4
|
| bid | 24874 | | idefense | 20070711 SquirrelMail G/PGP Plugin gpg_check_sign_pgp_mime() Command Injection Vulnerability | | mlist | - [dailydave] 20070708 SquirrelMail GPG Plugin vuln
- [dailydave] 20070709 SquirrelMail GPG Plugin vuln
| | osvdb | 37931 | | secunia | 26035 | | vim | - 20070710 SquirrelMail GPG Plugin Vulnerabilities
- 20070711 True: SquirrelMail G/PGP Encryption Plug-in 2.0 Command Execution Vuln
| | vupen | ADV-2007-2513 | | xf | squirrelmail-gpgp-hook-command-execution(35363) |
|
| Last major update |
29-07-2017 - 01:32 |
| Published |
15-07-2007 - 22:30 |
| Last modified |
29-07-2017 - 01:32 |
