CVE-2007-3778

The G/PGP (GPG) Plugin 2.0, and 2.1dev before 20060912, for Squirrelmail allows remote attackers to execute arbitrary commands via shell metacharacters in the messageSignedText parameter to the gpg_check_sign_pgp_mime function in gpg_hook_functions.php. NOTE: a parameter value can be set in the contents of an e-mail message.
Configurations

Configuration 1

cpe:2.3:a:squirrelmail:gpg_plugin:2.1_dev:*:*:*:*:*:*:*
cpe:2.3:a:squirrelmail:gpg_plugin:2.0:*:*:*:*:*:*:*

Information

Published : 2007-07-15 10:30

Updated : 2017-07-29 01:32


NVD link : CVE-2007-3778

Mitre link : CVE-2007-3778

Products Affected
No products.