PublicDate: 2006-06-06 20:06:00 UTC
Candidate: CVE-2006-2842
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2842
Description:
 ** DISPUTED **  PHP remote file inclusion vulnerability in
 functions/plugin.php in SquirrelMail 1.4.6 and earlier, if register_globals
 is enabled and magic_quotes_gpc is disabled, allows remote attackers to
 execute arbitrary PHP code via a URL in the plugins array parameter.  NOTE:
 this issue has been disputed by third parties, who state that Squirrelmail
 provides prominent warnings to the administrator when register_globals is
 enabled.  Since the varieties of administrator negligence are uncountable,
 perhaps this type of issue should not be included in CVE.  However, the
 original developer has posted a security advisory, so there might be
 relevant real-world environments under which this vulnerability is
 applicable.
Ubuntu-Description:
Notes:
Priority: untriaged
Discovered-by:
Assigned-to:
CVSS:

Bugs:
dapper_squirrelmail: released (1.4.6-1ubuntu0.1)
edgy_squirrelmail: released (1.4.8-1ubuntu0.1)
feisty_squirrelmail: released (1.4.9a-1ubuntu0.1)
devel_squirrelmail: released (1.4.10a-2)
upstream_squirrelmail: needs-triage