SquirrelMail
SquirrelMail is an open-source webmail application written in PHP. It provides a web-based interface for accessing email via the IMAP protocol and sends messages through SMTP. The project also includes a separate IMAP proxy server written in C. Both components are released under the GNU General Public License version 2 or later.
Products
- 67 CVEs
- 8 CVEs
- 2 CVEs
- 2 CVEs
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
- 0 CVEs
Recent CVEs
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-7692 | | High | 0.63 | 8.8 | 0.32 | | Apr 20, 2017 | SquirrelMail 1.4.22 (and other versions before 20170427_0200-SVN) allows post-authentication remote code execution via a sendmail.cf file that is mishandled in a popen call. It's possible to exploit this vulnerability to execute arbitrary shell commands on the remote server. The… |
| CVE-2018-8741 | | High | 0.58 | 8.8 | 0.04 | | Mar 17, 2018 | A directory traversal flaw in SquirrelMail 1.4.22 allows an authenticated attacker to exfiltrate (or potentially delete) files from the hosting server, related to ../ in the att_local_name field in Deliver.class.php. |
| CVE-2025-30090 | | High | 0.47 | 7.2 | 0.00 | | Apr 2, 2025 | mime.php in SquirrelMail through 1.4.23-svn-20250401 and 1.5.x through 1.5.2-svn-20250401 allows XSS via e-mail headers, because JavaScript payloads are mishandled after $encoded has been set to true. |
| CVE-2010-1637 | | Medium | 0.42 | 6.5 | 0.03 | | Jun 22, 2010 | The Mail Fetch plugin in SquirrelMail 1.4.20 and earlier allows remote authenticated users to bypass firewall restrictions and use SquirrelMail as a proxy to scan internal networks via a modified POP3 port number. |
| CVE-2018-14955 | | Medium | 0.40 | 6.1 | 0.01 | | Aug 5, 2018 | The mail message display page in SquirrelMail through 1.4.22 has XSS via SVG animations (animate to attribute). |
| CVE-2018-14954 | | Medium | 0.40 | 6.1 | 0.02 | | Aug 5, 2018 | The mail message display page in SquirrelMail through 1.4.22 has XSS via the formaction attribute. |
| CVE-2018-14953 | | Medium | 0.40 | 6.1 | 0.01 | | Aug 5, 2018 | The mail message display page in SquirrelMail through 1.4.22 has XSS via a "<math xlink:href=" attack. |
| CVE-2018-14952 | | Medium | 0.40 | 6.1 | 0.01 | | Aug 5, 2018 | The mail message display page in SquirrelMail through 1.4.22 has XSS via a "<maction xlink:href=" attack. |
| CVE-2018-14951 | | Medium | 0.40 | 6.1 | 0.01 | | Aug 5, 2018 | The mail message display page in SquirrelMail through 1.4.22 has XSS via a "<form action='data:text" attack. |
| CVE-2018-14950 | | Medium | 0.40 | 6.1 | 0.01 | | Aug 5, 2018 | The mail message display page in SquirrelMail through 1.4.22 has XSS via a "<a xlink:href=" attack. |
| CVE-2006-2842 | | | 0.07 | — | 0.47 | | Jun 6, 2006 | PHP remote file inclusion vulnerability in functions/plugin.php in SquirrelMail 1.4.6 and earlier, if register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary PHP code via a URL in the plugins array parameter. NOTE: this issue… |
| CVE-2004-0519 | | | 0.05 | — | 0.23 | | Aug 18, 2004 | Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail 1.4.2 allow remote attackers to execute arbitrary script as other users and possibly steal authentication information via multiple attack vectors, including the mailbox parameter in compose.php. |
| CVE-2003-0990 | | | 0.05 | — | 0.29 | | Jan 20, 2004 | The parseAddress code in (1) SquirrelMail 1.4.0 and (2) GPG Plugin 1.1 allows remote attackers to execute commands via shell metacharacters in the "To:" field. |
| CVE-2002-1131 | | | 0.05 | — | 0.26 | | Oct 4, 2002 | Cross-site scripting vulnerabilities in SquirrelMail 1.2.7 and earlier allow remote attackers to execute script as other web users via (1) addressbook.php, (2) options.php, (3) search.php, or (4) help.php. |
| CVE-2006-4019 | | | 0.04 | — | 0.09 | | Aug 11, 2006 | Dynamic variable evaluation vulnerability in compose.php in SquirrelMail 1.4.0 to 1.4.7 allows remote attackers to overwrite arbitrary program variables and read or write the attachments and preferences of other users. |
| CVE-2005-1924 | | | 0.04 | — | 0.10 | | Dec 31, 2005 | The G/PGP (GPG) Plugin 2.1 and earlier for Squirrelmail allows remote authenticated users to execute arbitrary commands via shell metacharacters in (1) the fpr parameter to the deleteKey function in gpg_keyring.php, as called by (a) import_key_file.php, (b) import_key_text.php,… |
| CVE-2004-0520 | | | 0.04 | — | 0.07 | | Aug 18, 2004 | Cross-site scripting (XSS) vulnerability in mime.php for SquirrelMail before 1.4.3 allows remote attackers to insert arbitrary HTML and script via the content-type mail header, as demonstrated using read_body.php. |
| CVE-2002-0516 | | | 0.04 | — | 0.11 | | Aug 12, 2002 | SquirrelMail 1.2.5 and earlier allows authenticated SquirrelMail users to execute arbitrary commands by modifying the THEME variable in a cookie. |
| CVE-2007-3636 | | | 0.03 | — | 0.03 | | Jul 10, 2007 | Multiple unspecified vulnerabilities in the G/PGP (GPG) Plugin 2.1 for Squirrelmail allow remote attackers to execute arbitrary commands via unspecified vectors. NOTE: this information is based upon a vague pre-advisory from a reliable researcher. |
| CVE-2006-0331 | | | 0.03 | — | 0.01 | | Jan 21, 2006 | Buffer overflow in Change passwd 3.1 (chpasswd) SquirrelMail plugin allows local users to execute arbitrary code via long command line arguments. |