CVE - CVE-2006-2842

CVE-ID
CVE-2006-2842	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
DISPUTED PHP remote file inclusion vulnerability in functions/plugin.php in SquirrelMail 1.4.6 and earlier, if register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary PHP code via a URL in the plugins array parameter. NOTE: this issue has been disputed by third parties, who state that Squirrelmail provides prominent warnings to the administrator when register_globals is enabled. Since the varieties of administrator negligence are uncountable, perhaps this type of issue should not be included in CVE. However, the original developer has posted a security advisory, so there might be relevant real-world environments under which this vulnerability is applicable.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
APPLE:APPLE-SA-2007-07-31 URL:http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html BID:18231 URL:http://www.securityfocus.com/bid/18231 BID:25159 URL:http://www.securityfocus.com/bid/25159 BUGTRAQ:20060601 Squirrelmail local file inclusion URL:http://www.securityfocus.com/archive/1/435605/100/0/threaded CONFIRM:http://docs.info.apple.com/article.html?artnum=306172 CONFIRM:http://squirrelmail.cvs.sourceforge.net/squirrelmail/squirrelmail/functions/global.php?r1=1.27.2.16&r2=1.27.2.17&view=patch&pathrev=SM-1_4-STABLE CONFIRM:http://www.squirrelmail.org/security/issue/2006-06-01 MANDRIVA:MDKSA-2006:101 URL:http://www.mandriva.com/security/advisories?name=MDKSA-2006:101 OVAL:oval:org.mitre.oval:def:11670 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11670 REDHAT:RHSA-2006:0547 URL:http://www.redhat.com/support/errata/RHSA-2006-0547.html SECTRACK:1016209 URL:http://securitytracker.com/id?1016209 SECUNIA:20406 URL:http://secunia.com/advisories/20406 SECUNIA:20931 URL:http://secunia.com/advisories/20931 SECUNIA:21159 URL:http://secunia.com/advisories/21159 SECUNIA:21262 URL:http://secunia.com/advisories/21262 SECUNIA:26235 URL:http://secunia.com/advisories/26235 SGI:20060703-01-P URL:ftp://patches.sgi.com/support/free/security/advisories/20060703-01-U.asc SUSE:SUSE-SR:2006:017 URL:http://www.novell.com/linux/security/advisories/2006_17_sr.html VUPEN:ADV-2006-2101 URL:http://www.vupen.com/english/advisories/2006/2101 VUPEN:ADV-2007-2732 URL:http://www.vupen.com/english/advisories/2007/2732
Assigning CNA
MITRE Corporation
Date Record Created
20060605	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20060605)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is a record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)