Red Hat Bugzilla – Bug 194286
CVE-2006-2842 Squirrelmail file inclusion
Last modified: 2007-11-30 17:11:34 EST
+++ This bug was initially created as a clone of Bug #194283 +++
Squirrelmail file inclusion
A PHP file inclusion error was found in squirrelmail. If if
register_globals is enabled and magic_quotes_gpc is disabled,
it becomes possible for an unauthenticated remote attacker to view
arbitrary file contents.
This confuration is not default nor safe.
This issue also affects RHEL3
There is an upstream patch here: