Security researchers have uncovered a critical security hole in SquirrelMail, the open-source webmail project. Filippo Cavallarin and Dawid Golunski independently discovered a remote code execution hole in SquirrelMail version 1.4.22 and likely prior. That’s the latest version, by the way, and is dated July 2011.
Fixes are available.
Details may be found at: https://www.theregister.co.uk/2017/04/24/squirrelmail_vuln/.