Vendor: SquirrelMail G/PGP Encryption Plug-in
By: jmp-esp
CVSS: 7.5 (HIGH)
CWE: Remote Command Execution
Product Name: SquirrelMail G/PGP Encryption Plug-in
Affected Version From:
Affected Version To:
Patch Exists: NO
Related CWE:
CPE:
Platforms Tested:
2007
SquirrelMail G/PGP Encryption Plug-in Remote Command Execution Vulnerability
There is a vulnerability in the keyring_main.php file of the SquirrelMail G/PGP Encryption Plug-in that allows remote command execution. The 'fpr' parameter is not properly escaped, allowing an attacker to execute arbitrary commands on the target system.
Mitigation:
To mitigate this vulnerability, it is recommended to update to the latest version of the SquirrelMail G/PGP Encryption Plug-in and ensure that input parameters are properly validated and sanitized.
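A sketch of the validation the mitigation calls for, added here as an example and not taken from the plug-in's code: the `fpr` value is reduced to a strict hexadecimal fingerprint and handed to gpg as a separate argument rather than interpolated into a shell string. The function names, the homedir path and the sample values are assumptions made for the illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical helper: accept only what an OpenPGP fingerprint can look like.
function normalize_fingerprint(string $raw): ?string
{
    // gpg prints fingerprints in space-separated groups; drop spaces only.
    $fpr = strtoupper(str_replace(' ', '', $raw));
    // 40 hex digits (v4 key) or 32 hex digits (legacy v3 key), nothing else.
    // \A and \z anchor the whole string; "$" would let a trailing newline pass.
    $ok = preg_match('/\A(?:[0-9A-F]{40}|[0-9A-F]{32})\z/', $fpr) === 1;
    return $ok ? $fpr : null;
}

// Hypothetical helper: build an argument vector instead of a command string.
// Passing this array to proc_open() (PHP 7.4+) runs gpg without a shell, so
// the fingerprint is never parsed for metacharacters.
function gpg_list_key_argv(string $homedir, string $rawFpr): array
{
    $fpr = normalize_fingerprint($rawFpr);
    if ($fpr === null) {
        throw new InvalidArgumentException('fpr is not a valid key fingerprint');
    }
    return ['gpg', '--batch', '--no-tty', '--homedir', $homedir,
            '--with-colons', '--fingerprint', '--list-keys', $fpr];
}

// Constructed sample inputs (not real keys).
$samples = [
    'grouped'      => '0123 4567 89AB CDEF 0123 4567 89AB CDEF 0123 4567',
    'lowercase'    => '0123456789abcdef0123456789abcdef01234567',
    'too short'    => 'DEADBEEF',
    'extra text'   => '0123456789ABCDEF0123456789ABCDEF01234567; echo x',
    'trailing EOL' => "0123456789ABCDEF0123456789ABCDEF01234567\n",
];

foreach ($samples as $label => $value) {
    try {
        $argv = gpg_list_key_argv('/var/lib/example/gnupg', $value);
        echo "$label: accepted -> ", implode(' ', $argv), "\n";
    } catch (InvalidArgumentException $e) {
        echo "$label: rejected\n";
    }
}
```

Where a command string cannot be avoided, the validated value should still pass through `escapeshellarg()` as a second layer.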