Unrated severity · NVD Advisory · Published Jun 20, 2020 · Updated Aug 4, 2024
CVE-2020-14933
Description
compose.php in SquirrelMail 1.4.22 calls unserialize for the $attachments value, which originates from an HTTP POST request. NOTE: the vendor disputes this because these two conditions for PHP object injection are not satisfied: existence of a PHP magic method (such as __wakeup or __destruct), and any attack-relevant classes must be declared before unserialize is called (or must be autoloaded).
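The call pattern described above, next to a hardened decode, as an added PHP example (not SquirrelMail's code). `DemoGadget`, `contains_object` and `decode_untrusted` are hypothetical names, the inputs are constructed, and the code assumes PHP 7.1 or later, where the `allowed_classes` option and nullable return types are available.

```php
<?php
// Constructed stand-in for an "attack-relevant class": it is declared before
// unserialize() runs and has a magic method. Its only side effect is a counter.
final class DemoGadget
{
    public static $destructs = 0;
    public $path = '/tmp/demo';
    public function __destruct() { self::$destructs++; }
}

// True if a decoded value holds an object (or placeholder) at any depth.
function contains_object($value): bool
{
    if (is_object($value) || $value instanceof __PHP_Incomplete_Class) {
        return true;
    }
    foreach (is_array($value) ? $value : [] as $item) {
        if (contains_object($item)) {
            return true;
        }
    }
    return false;
}

// Hypothetical hardened decoder: never instantiates classes named in the input.
function decode_untrusted(string $raw): ?array
{
    // allowed_classes => false maps every serialized object to
    // __PHP_Incomplete_Class, so no magic method of a real class runs.
    $value = @unserialize($raw, ['allowed_classes' => false]);
    if (!is_array($value) || contains_object($value)) {
        return null; // reject instead of passing placeholders downstream
    }
    return $value;
}

// Constructed inputs standing in for the POSTed $attachments value.
$benign  = serialize([['name' => 'report.pdf', 'size' => 1024]]);
$hostile = serialize([new DemoGadget()]);
DemoGadget::$destructs = 0; // ignore the destructor run of the temporary above

$decoded = unserialize($hostile); // the call pattern the description reports
unset($decoded);                  // freeing the object runs __destruct
echo "plain unserialize, destructor runs: ", DemoGadget::$destructs, "\n";

var_dump(decode_untrusted($hostile)); // object payload is rejected
echo "after hardened decode, destructor runs: ", DemoGadget::$destructs, "\n";
var_dump(decode_untrusted($benign));  // plain arrays of scalars pass through
```

The destructor only fires in the first call because both conditions named in the vendor's dispute hold for `DemoGadget`; with no such class in scope, plain `unserialize` has nothing to invoke.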
Affected products
- SquirrelMail/SquirrelMail
- Range: =1.4.22
References
- www.openwall.com/lists/oss-security/2020/06/20/1 (mitre, x_refsource_MISC)