compose.php in SquirrelMail 1.4.22 calls unserialize for the $mailtodata value, which originates from an HTTP GET request. This is related to mailto.php.
Recent assessments:
kevthehermit at June 20, 2020 5:17pm UTC reported:
The use of unserialize in PHP that accepts user data. There is no sequence of code that can be exploited to gain code execution using this method.
Passing user-controlled data to unserialize in PHP is always a bad idea. However, in order to be exploitable there needs to be additional code that will process the data through the use of Magic Methods. There do not appear to be any dangerous methods that take this data in the current version of the PHP script.
If the base PHP version that is running this application also happens to be a version of PHP vulnerable to <https://www.cvedetails.com/cve/CVE-2017-5340/> Then there is an increased possibility of gaining code execution using this methodology.
At the time of release, there is no official patch although third party patches have been made available here
Assessed Attacker Value: 1
Assessed Attacker Value: 1Assessed Attacker Value: 1