Vulnerability Details CVE-2002-0516
SquirrelMail 1.2.5 and earlier allows authenticated SquirrelMail users to execute arbitrary commands by modifying the THEME variable in a cookie.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.064
EPSS Ranking 90.5%
CVSS Severity
CVSS v2 Score 10.0
References
- http://archives.neohapsis.com/archives/bugtraq/2002-03/0350.html
- http://archives.neohapsis.com/archives/bugtraq/2002-03/0386.html
- http://www.iss.net/security_center/static/8671.php
- http://www.securityfocus.com/bid/4385
- http://archives.neohapsis.com/archives/bugtraq/2002-03/0350.html
- http://archives.neohapsis.com/archives/bugtraq/2002-03/0386.html
- http://www.iss.net/security_center/static/8671.php
- http://www.securityfocus.com/bid/4385
Products affected by CVE-2002-0516
-
cpe:2.3:a:squirrelmail:squirrelmail:1.2.0
-
cpe:2.3:a:squirrelmail:squirrelmail:1.2.1
-
cpe:2.3:a:squirrelmail:squirrelmail:1.2.2
-
cpe:2.3:a:squirrelmail:squirrelmail:1.2.3
-
cpe:2.3:a:squirrelmail:squirrelmail:1.2.4
-
cpe:2.3:a:squirrelmail:squirrelmail:1.2.5