SquirrelMail G/PGP Encryption Plugin Access Validation And Input Validation Vulnerabilities

SquirrelMail G/PGP Encryption Plugin Access Validation And Input Validation Vulnerabilities

Attackers can exploit these issues with a browser. In the case of the input-validation vulnerability, an attacker may be able to exploit this issue through malicious JavaScript in an email or web page or by enticing an unsuspecting user to import a specially crafted public key.

The following proof of concept is available:

/data/vulnerabilities/exploits/26788.eml