What is CVE-2003-0990?

CVE-2003-0990 is a vulnerability in N/a. Published 2004-01-06.

Is CVE-2003-0990 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in N/a

CVE-2003-0990

The parseAddress code in (1) SquirrelMail 1.4.0 and (2) GPG Plugin 1.1 allows remote attackers to execute commands via shell metacharacters in the "To:" field.

EPSS: 0.814 (99.2th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

rapid7/metasploit-framework

References

squirrelmail-parseaddress-command-execution(14079) (vdb-entry, x_refsource_XF)
www.bugtraq.org/advisories/_BSSADV-0001.txt (x_refsource_MISC)
20031224 Bugtraq Security Systems ADV-0001 (mailing-list, x_refsource_BUGTRAQ)
9296 (vdb-entry, x_refsource_BID)
20031226 Re: Reported Command Injection in Squirrelmail GPG (mailing-list, x_refsource_BUGTRAQ)

Frequently asked questions

What is CVE-2003-0990?: CVE-2003-0990 is a vulnerability in N/a. Published 2004-01-06.
Is CVE-2003-0990 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.