| ID |
CVE-2005-1924
|
| Summary |
The G/PGP (GPG) Plugin 2.1 and earlier for Squirrelmail allow remote authenticated users to execute arbitrary commands via shell metacharacters in (1) the fpr parameter to the deleteKey function in gpg_keyring.php, as called by (a) import_key_file.php, (b) import_key_text.php, and (c) keyring_main.php; and (2) the keyserver parameter to the gpg_recv_key function in gpg_key_functions.php, as called by gpg_options.php. NOTE: this issue may overlap CVE-2007-3636. |
| References |
|
| Vulnerable Configurations |
|
| CVSS |
| Base: | 9.3 (as of 19-10-2018 - 15:32) |
| Impact: | |
| Exploitability: | |
|
| CWE |
NVD-CWE-Other |
| CAPEC |
|
| Access |
| Vector | Complexity | Authentication |
| NETWORK |
MEDIUM |
NONE |
|
| Impact |
| Confidentiality | Integrity | Availability |
| COMPLETE |
COMPLETE |
COMPLETE |
|
| cvss-vector
via4
|
AV:N/AC:M/Au:N/C:C/I:C/A:C
|
| refmap
via4
|
| bid | 24874 | | bugtraq | 20070711 SquirrelMail G/PGP Encryption Plug-in Remote Command Execution Vulnerability | | exploit-db | 4173 | | gentoo | GLSA-200708-08 | | idefense | - 20070711 SquirrelMail G/PGP Plugin deleteKey() Command Injection Vulnerability
- 20070711 SquirrelMail G/PGP Plugin gpg_recv_key() Command Injection Vulnerability
| | osvdb | | | secunia | | | vim | 20070711 True: SquirrelMail G/PGP Encryption Plug-in 2.0 Command Execution Vuln | | vupen | ADV-2007-2513 | | xf | - squirrelmail-gpgp-keyfunc-command-execution(35364)
- squirrelmail-gpgp-keyring-command-execution(35355)
|
|
| Last major update |
19-10-2018 - 15:32 |
| Published |
31-12-2005 - 05:00 |
| Last modified |
19-10-2018 - 15:32 |
