CVE-2002-0516 Information

Description

SquirrelMail 1.2.5 and earlier allows authenticated SquirrelMail users to execute arbitrary commands by modifying the THEME variable in a cookie.

Reference

http://archives.neohapsis.com/archives/bugtraq/2002-03/0350.html http://archives.neohapsis.com/archives/bugtraq/2002-03/0386.html http://www.iss.net/security_center/static/8671.php http://www.securityfocus.com/bid/4385