Attacker Value
Very Low
0

CVE-2020-14932

Disclosure Date: June 20, 2020

Exploitability

(1 user assessed) Very Low
Attack Vector
Network
Privileges Required
None
User Interaction
None

Description

compose.php in SquirrelMail 1.4.22 calls unserialize for the $mailtodata value, which originates from an HTTP GET request. This is related to mailto.php.

Add Assessment

2
Ratings
  • Attacker Value
    Very Low
  • Exploitability
    Very Low
Technical Analysis

tldr

The use of unserialize in PHP that accepts user data. There is no sequence of code that can be exploited to gain code execution using this method.

Outline

Passing user-controlled data to unserialize in PHP is always a bad idea. However, in order to be exploitable there needs to be additional code that will process the data through the use of Magic Methods. There do not appear to be any dangerous methods that take this data in the current version of the PHP script.

If the base PHP version that is running this application also happens to be a version of PHP vulnerable to https://www.cvedetails.com/cve/CVE-2017-5340/ Then there is an increased possibility of gaining code execution using this methodology.

Patch

At the time of release, there is no official patch although third party patches have been made available here

General Information

Additional Info

Technical Analysis