Free and open-source vulnerability scanner

Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.

Install Now

Available for macOS, Windows, and Linux

CVE-2001-1159

Published

22 years ago

Last Modified

15 years ago

CVSSv2.0 Severity

High

Impact Analysis

load_prefs.php and supporting include files in SquirrelMail 1.0.4 and earlier do not properly initialize certain PHP variables, which allows remote attackers to (1) view sensitive files via the config_php and data_dir options, and (2) execute arbitrary code by using options_order.php to upload a message that could be interpreted as PHP..

CVSSv2.0 Score

Severity: High
Base Score: 7.5/10
Exploit Score: 10/10
Access Vector: Network
Access Complexity: Low
Authentication Required: None
Impact Score: 6.4/10
Confidentiality Impact: Partial
Availability Impact: Partial
Integrity Impact: Partial

Products Affected

CPE	Affected	Vulnerable	Excluding	Edit
cpe:2.3:a:squirrelmail:squirrelmail:1.0.5:::::::*	Yes	-	-
cpe:2.3:a:squirrelmail:squirrelmail:1.0.4:::::::*	Yes	-	-

Free and open-source vulnerability scanner

Available for macOS, Windows, and Linux

CVE-2001-1159

Published

Last Modified

CVSSv2.0 Severity

Impact Analysis

Share

CVSSv2.0 Score

Products Affected

References

Free and open-source vulnerability scanner

Available for macOS, Windows, and Linux

CVE-2001-1159

CVE information

Published

Last Modified

CVSSv2.0 Severity

Impact Analysis

Share

Description

CVSSv2.0 Score

Products Affected

References