There is a remote command exec and local file inclusion exploit for squiirelmail, the 1.46 and 1.47
I noticed lately in my error log someone was getting shell to something in var and sure enough it was my squirrelmail 1.47
my advice, move it and pass protect it until a fix is issued.
there is no patch available
I noticed lately in my error log someone was getting shell to something in var and sure enough it was my squirrelmail 1.47
my advice, move it and pass protect it until a fix is issued.
there is no patch available
Last edited: