CVE-2007-3636
Published: 2007-07-10
Priority P3 · 44 · high · 7.5 CVSS 2.0
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 3.08% (86.0th percentile)
Multiple unspecified vulnerabilities in the G/PGP (GPG) Plugin 2.1 for Squirrelmail allow remote attackers to execute arbitrary commands via unspecified vectors. NOTE: this information is based upon a vague pre-advisory from a reliable researcher.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| squirrelmail | gpg_plugin | <= 2.1 | — |
| squirrelmail | gpg_plugin | — | — |
| squirrelmail | squirrelmail | — | — |
CVSS provenance
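| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
| vendor_redhat | — | 7.5 | HIGH | — |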
Red Hat
CVE-2007-3636 [HIGH]
vendor_redhat · CVSS 7.5
Statement: Not vulnerable. This plugin is not shipped with Squirrelmail in Red Hat Enterprise Linux.
GHSA
GHSA-87rp-52qv-ghjc (CVE-2005-1924) [HIGH]
ghsa_unreviewed · 2022-05-01 · CVSS 7.5
The G/PGP (GPG) Plugin 2.1 and earlier for Squirrelmail allows remote authenticated users to execute arbitrary commands via shell metacharacters in (1) the fpr parameter to the deleteKey function in gpg_keyring.php, as called by (a) import_key_file.php, (b) import_key_text.php, and (c) keyring_main.php; and (2) the keyserver parameter to the gpg_recv_key function in gpg_key_functions.php, as called by gpg_options.php. NOTE: this issue may overlap CVE-2007-3636.
GHSA
GHSA-294w-jfj8-gx6r (CVE-2007-3636) [HIGH]
ghsa_unreviewed · 2022-05-01
References
http://lists.immunitysec.com/pipermail/dailydave/2007-July/004453.html
http://osvdb.org/45790
http://www.attrition.org/pipermail/vim/2007-July/001703.html
http://www.securityfocus.com/bid/24828