CVE-2003-0990
SquirrelMail 1.4.0 - GPG Plugin 1.1 - Command Injection
Title source: llmDescription
The parseAddress code in (1) SquirrelMail 1.4.0 and (2) GPG Plugin 1.1 allows remote attackers to execute commands via shell metacharacters in the "To:" field.
Exploits (2)
exploitdb
WORKING POC
VERIFIED
by Metasploit · rubyremotelinux
https://www.exploit-db.com/exploits/16888
metasploit
WORKING POC
MANUAL
rubypocunix
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/unix/webapp/squirrelmail_pgp_plugin.rb
References (5)
Scores
EPSS
0.8144
EPSS Percentile
99.2%
Details
Status
published
Published
Jan 20, 2004
Tracked Since
Feb 18, 2026