Squirrelmail is vulnerable to a remote code execution vulnerability because it fails to sanitize a string before passing it to a popen call. It's possible to exploit this vulnerability to execute arbitrary shell commands on the remote server.
Created squirrelmail tracking bugs for this issue:
Affects: epel-all [bug 1445166]
Affects: fedora-all [bug 1445167]