NVD

Id
67642  
Name
CVE-2005-1924  
Description
The G/PGP (GPG) Plugin 2.1 and earlier for Squirrelmail allow remote authenticated users to execute arbitrary commands via shell metacharacters in (1) the fpr parameter to the deleteKey function in gpg_keyring.php, as called by (a) import_key_file.php, (b) import_key_text.php, and (c) keyring_main.php; and (2) the keyserver parameter to the gpg_recv_key function in gpg_key_functions.php, as called by gpg_options.php. NOTE: this issue may overlap CVE-2007-3636.  
Reject
 
CVSS Version
2  
CVSS Score
9.3  
Severity
High  
CVSS Base Score
9.3  
CVSS Impact Subscore
10  
CVSS Exploit Subscore
8.6  
CVSS Vector
(AV:N/AC:M/Au:N/C:C/I:C/A:C)  
Pub Date
2017-07-18  
Published
2005-12-31  
Modified Date
2017-07-10  
Seq
2005-1924  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
350083 67642 CVE-2005-1924 20070711 SquirrelMail G/PGP Plugin deleteKey() Command Injection Vulnerability  View
350084 67642 CVE-2005-1924 20070711 SquirrelMail G/PGP Plugin gpg_recv_key() Command Injection Vulnerability  View
350085 67642 CVE-2005-1924 4173  View
350086 67642 CVE-2005-1924 GLSA-200708-08  View
350087 67642 CVE-2005-1924 20070711 True: SquirrelMail G/PGP Encryption Plug-in 2.0 Command Execution Vuln  View
350088 67642 CVE-2005-1924 20070711 SquirrelMail G/PGP Encryption Plug-in Remote Command Execution Vulnerability  View
350089 67642 CVE-2005-1924 24874  View
350090 67642 CVE-2005-1924 ADV-2007-2513  View
350091 67642 CVE-2005-1924 squirrelmail-gpgp-keyring-command-execution(35355)  View
350092 67642 CVE-2005-1924 squirrelmail-gpgp-keyfunc-command-execution(35364)  View

Related JVN