SquirrelMail S/MIME Plug-in Remote Command Execution Vulnerability

SquirrelMail S/MIME Plug-in Remote Command Execution Vulnerability

A vulnerability exists in the SquirrelMail S/MIME plug-in that may allow malicious Web mail users to execute system commands remotely. The source of the problem is that user data is passed to the PHP 'exec()' function without sufficient sanitization.

Command execution would occur in the context of the Web server hosting the vulnerable software.