CVE-2005-2095

SquirrelMail <= 1.4.4 - Remote Code Execution via Extract Function

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2005-2095. PoCs published by GulfTech Security.

AI-analyzed exploit summary This is a writeup describing a variable overwriting vulnerability in SquirrelMail due to an unsafe extract() call in options_identities.php. The vulnerability allows attackers to overwrite critical variables by submitting crafted POST data.

Description

options_identities.php in SquirrelMail 1.4.4 and earlier uses the extract function to process the $_POST variable, which allows remote attackers to modify or read the preferences of other users, conduct cross-site scripting XSS) attacks, and write arbitrary files.

Exploits (1)

exploitdb WRITEUP

by GulfTech Security · textwebappsphp

https://www.exploit-db.com/exploits/43830

View Code ZIP pw:eip

This is a writeup describing a variable overwriting vulnerability in SquirrelMail due to an unsafe extract() call in options_identities.php. The vulnerability allows attackers to overwrite critical variables by submitting crafted POST data.

Classification

Writeup 90%

Attack Type

Other

Complexity

Trivial

Reliability

Reliable

Target: SquirrelMail <= 1.4.5-RC1

No auth needed

Prerequisites: Access to the SquirrelMail web interface

MITRE ATT&CK

T1059.007 - JavaScript

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (13)

Core 13

Core References

Mailing List vendor-advisory x_refsource_apple

http://lists.apple.com/archives/security-announce/2005/Aug/msg00000.html

Vendor Advisory vendor-advisory x_refsource_suse

http://www.novell.com/linux/security/advisories/2005_18_sr.html

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/14254

Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq

http://www.securityfocus.com/archive/1/405200

Various Sources x_refsource_misc

http://www.gulftech.org/?node=research&article_id=00090-07142005

Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq

http://www.securityfocus.com/archive/1/405202

Issue Tracking vendor-advisory x_refsource_fedora

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=163047

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/21359

Vendor Advisory vendor-advisory x_refsource_redhat

http://www.redhat.com/support/errata/RHSA-2005-595.html

Patch, Vendor Advisory vendor-advisory x_refsource_debian

http://www.debian.org/security/2005/dsa-756

Mailing List vendor-advisory x_refsource_apple

http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html

Issue Tracking x_refsource_confirm

http://www.squirrelmail.org/security/issue/2005-07-13

Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10500

Scores

EPSS 0.0424

EPSS Percentile 89.7%

Details

Status published

Products (22)

squirrelmail/squirrelmail 1.0.4

squirrelmail/squirrelmail 1.0.5

squirrelmail/squirrelmail 1.2.0

squirrelmail/squirrelmail 1.2.1

squirrelmail/squirrelmail 1.2.2

squirrelmail/squirrelmail 1.2.3

squirrelmail/squirrelmail 1.2.4

squirrelmail/squirrelmail 1.2.5

squirrelmail/squirrelmail 1.2.6

squirrelmail/squirrelmail 1.2.7

... and 12 more

Published Jul 13, 2005

Tracked Since Feb 18, 2026