Directory Traversal Vulnerability in SquirrelMail 1.4.22 Allows Unauthorized File Exfiltration

Directory Traversal Vulnerability in SquirrelMail 1.4.22 Allows Unauthorized File Exfiltration

CVE-2018-8741 · MEDIUM Severity

AV:N/AC:L/AU:S/C:P/I:P/A:P

A directory traversal flaw in SquirrelMail 1.4.22 allows an authenticated attacker to exfiltrate (or potentially delete) files from the hosting server, related to ../ in the att_local_name field in Deliver.class.php.

Learn more about our Cis Benchmark Audit For Server Software.