CVE-2006-4019

SquirrelMail <1.4.7 - Code Injection

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-4019. PoCs published by GulfTech Security.

AI-analyzed exploit summary The writeup describes a vulnerability in SquirrelMail <= 1.4.7 where an authenticated attacker can overwrite arbitrary variables due to unsafe handling of expired sessions. This can lead to arbitrary file read/write or other attacks by manipulating the `session_expired_post` session variable.

Description

Dynamic variable evaluation vulnerability in compose.php in SquirrelMail 1.4.0 to 1.4.7 allows remote attackers to overwrite arbitrary program variables and read or write the attachments and preferences of other users.

Exploits (1)

exploitdb WRITEUP

by GulfTech Security · textwebappsphp

https://www.exploit-db.com/exploits/43839

View Code ZIP pw:eip

The writeup describes a vulnerability in SquirrelMail <= 1.4.7 where an authenticated attacker can overwrite arbitrary variables due to unsafe handling of expired sessions. This can lead to arbitrary file read/write or other attacks by manipulating the `session_expired_post` session variable.

Classification

Writeup 90%

Attack Type

Auth Bypass

Complexity

Moderate

Reliability

Reliable

Target: SquirrelMail <= 1.4.7

Auth required

Prerequisites: Authenticated session · Access to a vulnerable SquirrelMail instance

MITRE ATT&CK

T1055 - Process Injection T1555 - Credentials from Password Stores

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (29)

Core 29

Core References

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/21586

Issue Tracking x_refsource_confirm

https://issues.rpath.com/browse/RPL-577

Third Party Advisory vdb-entry x_refsource_vupen

http://www.vupen.com/english/advisories/2007/2732

Third Party Advisory vendor-advisory x_refsource_debian

http://www.debian.org/security/2006/dsa-1154

Patch, Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/21354

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/22487

Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack

http://securitytracker.com/id?1016689

Vendor Advisory vendor-advisory x_refsource_suse

http://www.novell.com/linux/security/advisories/2006_23_sr.html

Mailing List vendor-advisory x_refsource_apple

http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html

Third Party Advisory vdb-entry x_refsource_vupen

http://www.vupen.com/english/advisories/2006/3271

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/21444

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/28365

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/22080

Various Sources mailing-list x_refsource_vim

http://attrition.org/pipermail/vim/2006-August/000970.html

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/19486

Vendor Advisory vendor-advisory x_refsource_redhat

http://www.redhat.com/support/errata/RHSA-2006-0668.html

Patch x_refsource_misc

http://www.squirrelmail.org/patches/sqm1.4.7-expired-post-fix-full.patch

Patch x_refsource_confirm

http://www.squirrelmail.org/security/issue/2006-08-11

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/22104

Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq

http://www.securityfocus.com/archive/1/442993/100/0/threaded

Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq

http://www.securityfocus.com/archive/1/442980/100/0/threaded

Mailing List mailing-list x_refsource_fulldisc

http://marc.info/?l=full-disclosure&m=115532449024178&w=2

Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb

http://www.osvdb.org/27917

Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11533

Vendor Advisory x_refsource_confirm

http://docs.info.apple.com/article.html?artnum=306172

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/25159

Vendor Advisory vendor-advisory x_refsource_sgi

ftp://patches.sgi.com/support/free/security/advisories/20061001-01-P.asc

Vendor Advisory vendor-advisory x_refsource_mandriva

http://www.mandriva.com/security/advisories?name=MDKSA-2006:147

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/26235

Scores

EPSS 0.0923

EPSS Percentile 94.7%

Details

Status published

Products (15)

squirrelmail/squirrelmail 1.4.0

squirrelmail/squirrelmail 1.4.1

squirrelmail/squirrelmail 1.4.2

squirrelmail/squirrelmail 1.4.3

squirrelmail/squirrelmail 1.4.3_r3

squirrelmail/squirrelmail 1.4.3_rc1

squirrelmail/squirrelmail 1.4.3a

squirrelmail/squirrelmail 1.4.4

squirrelmail/squirrelmail 1.4.4_rc1

squirrelmail/squirrelmail 1.4.5

... and 5 more

Published Aug 11, 2006

Tracked Since Feb 18, 2026