cbcvebase.
CVE-2006-4169
published 2007-07-15

CVE-2006-4169: Multiple directory traversal vulnerabilities in the G/PGP (GPG) Plugin 2.0, and 2.1dev before 20070614, for Squirrelmail allow remote authenticated users to…

PriorityP425medium5.5CVSS 2.0
AVNACLAuSCPIPAN
EPSS
1.62%
73.0th percentile
Multiple directory traversal vulnerabilities in the G/PGP (GPG) Plugin 2.0, and 2.1dev before 20070614, for Squirrelmail allow remote authenticated users to include and execute arbitrary local files via a .. (dot dot) in the help parameter to (1) gpg_help.php or (2) gpg_help_base.php.

Affected

3 ranges
VendorProductVersion rangeFixed in
squirrelmailgpg_plugin
squirrelmailgpg_plugin
squirrelmailsquirrelmail

CVSS provenance

nvdv2.05.5MEDIUMAV:N/AC:L/Au:S/C:P/I:P/A:N
vendor_redhat9.3CRITICAL
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.