CVE-2007-3779 - PHP local file inclusion vulnerability in gpg_pop_init.php in the G/PGP (GPG) Plugin before 20070707

CVE-2007-3779

Summary

PHP local file inclusion vulnerability in gpg_pop_init.php in the G/PGP (GPG) Plugin before 20070707 for Squirrelmail allows remote attackers to include and execute arbitrary local files, related to the MOD parameter.

References

http://osvdb.org/37930
http://www.attrition.org/pipermail/vim/2007-July/001703.html
http://www.braverock.com/gpg/cvs/viewcvs.cgi/gpg/gpg_pop_init.php.diff?r1=1.14&r2=1.15
http://www.braverock.com/gpg/statcvs/commit_log.html

Vulnerable Configurations

cpe:2.3:a:squirrelmail:gpg_plugin:2.1:*:*:*:*:*:*:*
cpe:2.3:a:squirrelmail:gpg_plugin:2.1:*:*:*:*:*:*:*

CVSS

Base:	4.3 (as of 31-10-2012 - 02:39)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
NONE	PARTIAL	NONE

cvss-vector via4

AV:N/AC:M/Au:N/C:N/I:P/A:N

refmap via4

misc	http://www.braverock.com/gpg/cvs/viewcvs.cgi/gpg/gpg_pop_init.php.diff?r1=1.14&r2=1.15 http://www.braverock.com/gpg/statcvs/commit_log.html
osvdb	37930
vim	20070710 SquirrelMail GPG Plugin Vulnerabilities

Last major update

31-10-2012 - 02:39

Published

15-07-2007 - 22:30

Last modified

31-10-2012 - 02:39