CVE-2002-0516

SquirrelMail <1.2.5 - Command Injection

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2002-0516. PoCs published by pokleyzz sakamaniaka.

AI-analyzed exploit summary This exploit targets a vulnerability in SquirrelMail 1.2.5 by corrupting the theme selection variable to execute arbitrary commands. It uses cURL to send crafted requests, manipulating cookies and POST data to achieve remote code execution.

Description

SquirrelMail 1.2.5 and earlier allows authenticated SquirrelMail users to execute arbitrary commands by modifying the THEME variable in a cookie.

Exploits (1)

exploitdb WORKING POC VERIFIED
by pokleyzz sakamaniaka · bashwebappsphp
https://www.exploit-db.com/exploits/21358

This exploit targets a vulnerability in SquirrelMail 1.2.5 by corrupting the theme selection variable to execute arbitrary commands. It uses cURL to send crafted requests, manipulating cookies and POST data to achieve remote code execution.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: SquirrelMail 1.2.5
Auth required
Prerequisites: Valid username and password · Access to the SquirrelMail login page · cURL installed on the attacker's machine
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4
Core References
Third Party Advisory mailing-list x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2002-03/0386.html
Third Party Advisory mailing-list x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2002-03/0350.html
Patch, Vendor Advisory vdb-entry x_refsource_xf
http://www.iss.net/security_center/static/8671.php
Exploit, Patch, Vendor Advisory vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/4385

Scores

EPSS 0.1096
EPSS Percentile 95.3%

Details

Status published
Products (6)
squirrelmail/squirrelmail 1.2.0
squirrelmail/squirrelmail 1.2.1
squirrelmail/squirrelmail 1.2.2
squirrelmail/squirrelmail 1.2.3
squirrelmail/squirrelmail 1.2.4
squirrelmail/squirrelmail 1.2.5
Published Aug 12, 2002
Tracked Since Feb 18, 2026