VDB

CVE-2005-1924

CVE-2005-1924 PUBLISHED CVSS 9.300000190734863 CRITICAL

The G/PGP (GPG) Plugin 2.1 and earlier for Squirrelmail allow remote authenticated users to execute arbitrary commands via shell metacharacters in (1) the fpr parameter to the deleteKey function in gpg_keyring.php, as called by (a) import_key_file.php, (b) import_key_text.php, and (c) keyring_main.php; and (2) the keyserver parameter to the gpg_recv_key function in gpg_key_functions.php, as called by gpg_options.php. NOTE: this issue may overlap CVE-2007-3636.

EPSS 9.57% · 93.0th percentile

Risk Scores

CVSS 2.0
9.300000190734863
EPSS Score
9.57%
93.0th percentile

Affected Products

VendorProductVersions
squirrelmailgpg_plugin0
n/an/a*

Exploit Intelligence

…and 4 more exploits

Timeline

  • Dec 31, 2005 CVE Published
  • Feb 4, 2022 EPSS Score
  • Mar 29, 2022 EPSS Score
  • Jul 12, 2022 EPSS Score
  • Sep 4, 2022 EPSS Score
  • Oct 26, 2022 EPSS Score
  • Feb 9, 2023 EPSS Score
  • Mar 7, 2023 EPSS Score
  • Apr 3, 2023 EPSS Score
  • Jul 17, 2023 EPSS Score
  • Sep 8, 2023 EPSS Score
  • Oct 30, 2023 EPSS Score

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›