The map_yp_alias function in functions/imap_general.php in SquirrelMail before 1.4.18 and NaSMail before 1.7 allows remote attackers to execute arbitrary commands via shell metacharacters in a username string that is used by the ypmatch program. This module works if map:map_yp_alias is set as the imap server address in config.php, which is not the default setting.
This update improves os detection and adds runtime cost.
This update improves os detection and adds runtime cost.
CVE Link
Exploit Type - Old
Exploits/Remote
Product Name