Squirrelmail remote execute commands bug
Source: Xatrix
L33tdawg: While the exploit available allows an attacker to run any command as the user who runs the webserver (in most cases this is nobody), I believe the extent of damage that is possible is probrably limited -- unless of course you're crazy enough to be running Apache as root! :)
Version Affected:
1.2.2
Squirrelmail is a webmail system, which allows users to send, get, read etc. mails. It has some themes, plugins etc. One of the plugins has a very interesting piece of code .