← back
CVE-2006-2842

CVE-2006-2842

EPSS 44.0%
Vexday Risk Score
50Attention
SSVC decision (CISA)
Attend
PoC available → attend closely
Exploit maturity
Functional exploit
Popular PoC on GitHub (3 stars) — exploitation code widely available.
CVSS EPSS 44.0%KEV nãoPoC públicaNuclei simMetasploit Patch referenciado
Lifecycle
02 Jun 2006Public PoC
06 Jun 2006Published on NVD
Recommendation: Plan a near-term fix — a public PoC already exists.
PHP remote file inclusion vulnerability in functions/plugin.php in SquirrelMail 1.4.6 and earlier, if register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary PHP code via a URL in the plugins array parameter. NOTE: this issue has been disputed by third parties, who state that Squirrelmail provides prominent warnings to the administrator when register_globals is enabled. Since the varieties of administrator negligence are uncountable, perhaps this type of issue should not be included in CVE. However, the original developer has posted a security advisory, so there might be relevant real-world environments under which this vulnerability is applicable
Affected products
n/a · n/a
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.