EIP-2026-112409

PRE-CVE

SquirrelMail 1.2.11 - 'move_messages.php' Arbitrary File Moving

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-112409. PoCs published by dr_insane.

AI-analyzed exploit summary This is a vulnerability writeup for Squirrelmail, detailing a privilege escalation issue. The provided URL demonstrates how an authenticated user could manipulate URI parameters to move messages between mailboxes, though the initial disclosure and data corruption claims were deemed non-vulnerabilities by the vendor.

Description

SquirrelMail 1.2.11 - 'move_messages.php' Arbitrary File Moving

Exploits (1)

exploitdb WRITEUP VERIFIED

by dr_insane · textwebappsphp

https://www.exploit-db.com/exploits/22791

View Code ZIP pw:eip

This is a vulnerability writeup for Squirrelmail, detailing a privilege escalation issue. The provided URL demonstrates how an authenticated user could manipulate URI parameters to move messages between mailboxes, though the initial disclosure and data corruption claims were deemed non-vulnerabilities by the vendor.

Classification

Writeup 90%

Attack Type

Other

Complexity

Trivial

Reliability

Theoretical

Target: Squirrelmail (version not specified)

Auth required

Prerequisites: Authenticated access to Squirrelmail

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026