CVE-2006-2842
NUCLEI
SquirrelMail < 1.4.6 - Remote File Inclusion via Plugin Array Parameter
Title source: llm
Exploitation Summary
EIP tracks 2 public exploits for CVE-2006-2842. PoCs published by brokejunker, karthi-the-hacker. A Nuclei detection template is also available.
AI-analyzed exploit summary: This exploit leverages a local file inclusion vulnerability in SquirrelMail due to improper input sanitization. By manipulating the 'plugins[]' parameter in the redirect.php script, an attacker can include arbitrary local files, such as '/etc/passwd'.
Description
PHP remote file inclusion vulnerability in functions/plugin.php in SquirrelMail 1.4.6 and earlier, if register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary PHP code via a URL in the plugins array parameter. NOTE: this issue has been disputed by third parties, who state that SquirrelMail provides prominent warnings to the administrator when register_globals is enabled. Since the varieties of administrator negligence are uncountable, perhaps this type of issue should not be included in CVE. However, the original developer has posted a security advisory, so there might be relevant real-world environments under which this vulnerability is applicable.
Exploits (2)
This exploit leverages a local file inclusion vulnerability in SquirrelMail due to improper input sanitization. By manipulating the 'plugins[]' parameter in the redirect.php script, an attacker can include arbitrary local files, such as '/etc/passwd'.
This repository contains a Node.js-based scanner for CVE-2006-2842, a Local File Inclusion (LFI) vulnerability. The tool sends crafted HTTP requests to detect the vulnerability by attempting to read '/etc/passwd' via a null-byte termination attack.
Nuclei Templates (1)
http.title:"squirrelmail" || cpe:"cpe:2.3:a:squirrelmail:squirrelmail"
title="squirrelmail"