{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2007-12-13T00:00:00", "descriptions": [{"lang": "en", "value": "SquirrelMail 1.4.11 and 1.4.12, as distributed on sourceforge.net before 20071213, has been externally modified to create a Trojan Horse that introduces a PHP remote file inclusion vulnerability, which allows remote attackers to execute arbitrary code."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-15T20:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "[squirrelmail-devel] 20071214 Re: [SM-DEVEL] SECURITY: 1.4.12 Package Compromise", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://marc.info/?l=squirrelmail-devel&m=119765235203392&w=2"}, {"name": "20071213 SECURITY: 1.4.12 Package Compromise", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/485037/100/0/threaded"}, {"name": "20071214 ANNOUNCE: SquirrelMail 1.4.13 Released", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://marc.info/?l=bugtraq&m=119765643909825&w=2"}, {"name": "28095", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/28095"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.squirrelmail.org/index.php"}, {"name": "[squirrelmail-devel] 20071213 [SM-DEVEL] SECURITY: 1.4.12 Package Compromise", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://marc.info/?l=squirrelmail-devel&m=119756462212214&w=2"}, {"name": "42633", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/42633"}]}}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2007-6348", "datePublished": "2007-12-14T19:00:00", "dateReserved": "2007-12-14T00:00:00", "dateUpdated": "2018-10-15T20:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.11:*:*:*:*:*:*:*", "matchCriteriaId": "682BC5E2-F2C5-4B6F-8EF0-E05152BB9B12", "vulnerable": true}, {"criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.12:*:*:*:*:*:*:*", "matchCriteriaId": "ABC24558-B7C1-4DE7-BC24-AF092DF0DE97", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "SquirrelMail 1.4.11 and 1.4.12, as distributed on sourceforge.net before 20071213, has been externally modified to create a Trojan Horse that introduces a PHP remote file inclusion vulnerability, which allows remote attackers to execute arbitrary code."}, {"lang": "es", "value": "SquirrelMail versiones 1.4.11 y 1.4.12, distribuidas en sourceforge.net versiones anteriores a 20071213, se han modificado externamente para crear un Caballo de Troya que introduce una vulnerabilidad de inclusi\u00f3n remota de archivos PHP, que permite a los atacantes remotos ejecutar c\u00f3digo arbitrario."}], "id": "CVE-2007-6348", "lastModified": "2018-10-15T21:52:13.720", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2007-12-14T19:46:00.000", "references": [{"source": "secalert@redhat.com", "url": "http://marc.info/?l=bugtraq&m=119765643909825&w=2"}, {"source": "secalert@redhat.com", "url": "http://marc.info/?l=squirrelmail-devel&m=119756462212214&w=2"}, {"source": "secalert@redhat.com", "url": "http://marc.info/?l=squirrelmail-devel&m=119765235203392&w=2"}, {"source": "secalert@redhat.com", "url": "http://osvdb.org/42633"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/28095"}, {"source": "secalert@redhat.com", "url": "http://www.securityfocus.com/archive/1/485037/100/0/threaded"}, {"source": "secalert@redhat.com", "url": "http://www.squirrelmail.org/index.php"}], "sourceIdentifier": "secalert@redhat.com", "vendorComments": [{"comment": "The versions of SquirrelMail packages shipped in Red Hat Enterprise Linux 3, 4, and 5 were not affected by this issue. In addition, the Red Hat Security Response Team have verified that the malicious code is not part of released Red Hat Enterprise Linux squirrelmail packages.\n", "lastModified": "2007-12-17T00:00:00", "organization": "Red Hat"}], "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-94"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}