CVE - CVE-2006-2842

CVE-ID
CVE-2006-2842	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
DISPUTED PHP remote file inclusion vulnerability in functions/plugin.php in SquirrelMail 1.4.6 and earlier, if register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary PHP code via a URL in the plugins array parameter. NOTE: this issue has been disputed by third parties, who state that Squirrelmail provides prominent warnings to the administrator when register_globals is enabled. Since the varieties of administrator negligence are uncountable, perhaps this type of issue should not be included in CVE. However, the original developer has posted a security advisory, so there might be relevant real-world environments under which this vulnerability is applicable.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
BUGTRAQ:20060601 Squirrelmail local file inclusion URL:http://www.securityfocus.com/archive/1/435605/100/0/threaded CONFIRM:http://squirrelmail.cvs.sourceforge.net/squirrelmail/squirrelmail/functions/global.php?r1=1.27.2.16&r2=1.27.2.17&view=patch&pathrev=SM-1_4-STABLE CONFIRM:http://www.squirrelmail.org/security/issue/2006-06-01 CONFIRM:http://docs.info.apple.com/article.html?artnum=306172 APPLE:APPLE-SA-2007-07-31 URL:http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html MANDRIVA:MDKSA-2006:101 URL:http://www.mandriva.com/security/advisories?name=MDKSA-2006:101 REDHAT:RHSA-2006:0547 URL:http://www.redhat.com/support/errata/RHSA-2006-0547.html SGI:20060703-01-P URL:ftp://patches.sgi.com/support/free/security/advisories/20060703-01-U.asc SUSE:SUSE-SR:2006:017 URL:http://www.novell.com/linux/security/advisories/2006_17_sr.html BID:18231 URL:http://www.securityfocus.com/bid/18231 BID:25159 URL:http://www.securityfocus.com/bid/25159 OVAL:oval:org.mitre.oval:def:11670 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11670 VUPEN:ADV-2006-2101 URL:http://www.vupen.com/english/advisories/2006/2101 VUPEN:ADV-2007-2732 URL:http://www.vupen.com/english/advisories/2007/2732 SECTRACK:1016209 URL:http://securitytracker.com/id?1016209 SECUNIA:20406 URL:http://secunia.com/advisories/20406 SECUNIA:20931 URL:http://secunia.com/advisories/20931 SECUNIA:21159 URL:http://secunia.com/advisories/21159 SECUNIA:21262 URL:http://secunia.com/advisories/21262 SECUNIA:26235 URL:http://secunia.com/advisories/26235
Assigning CNA
N/A
Date Entry Created
20060605	Disclaimer: The entry creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20060605)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an entry on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: cve@mitre.org