CVE-2005-1924 — Vulnetix

Try Vulnetix Request Demo

CVE-2005-1924 PUBLISHED CVSS 9.300000190734863 CRITICAL

The G/PGP (GPG) Plugin 2.1 and earlier for Squirrelmail allow remote authenticated users to execute arbitrary commands via shell metacharacters in (1) the fpr parameter to the deleteKey function in gpg_keyring.php, as called by (a) import_key_file.php, (b) import_key_text.php, and (c) keyring_main.php; and (2) the keyserver parameter to the gpg_recv_key function in gpg_key_functions.php, as called by gpg_options.php. NOTE: this issue may overlap CVE-2007-3636.

EPSS 9.84% · 92.9th percentile

Risk Scores

CVSS v2.0

9.300000190734863

EPSS Score

9.84%

92.9th percentile

Affected Products

Vendor	Product	Versions
squirrelmail	gpg_plugin	0
n/a	n/a	n/a

Timeline

Dec 31, 2005 CVE Published
Feb 4, 2022 EPSS Score
Mar 28, 2022 EPSS Score
Jul 10, 2022 EPSS Score
Sep 1, 2022 EPSS Score
Oct 23, 2022 EPSS Score
Feb 4, 2023 EPSS Score
Mar 7, 2023 EPSS Score
Mar 28, 2023 EPSS Score
Jul 10, 2023 EPSS Score
Aug 31, 2023 EPSS Score
Oct 22, 2023 EPSS Score

References

squirrelmail-gpgp-keyfunc-command-execution(35364) vdb
26035 third-party-advisory
26424 third-party-advisory
37924 vdb
24874 vdb
20070711 SquirrelMail G/PGP Plugin gpg_recv_key() Command Injection Vulnerability third-party-advisory
4173 exploit
squirrelmail-gpgp-keyring-command-execution(35355) vdb
ADV-2007-2513 vdb
37923 vdb
GLSA-200708-08 vendor-advisory
20070711 SquirrelMail G/PGP Plugin deleteKey() Command Injection Vulnerability third-party-advisory
20070711 True: SquirrelMail G/PGP Encryption Plug-in 2.0 Command Execution Vuln mailing-list
20070711 SquirrelMail G/PGP Encryption Plug-in Remote Command Execution Vulnerability mailing-list
https://nvd.nist.gov/vuln/detail/CVE-2005-1924 advisory

Open in Interactive Console →