Published: 17/01/2003 Updated: 18/10/2016

CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10

VMScore: 668

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Multiple SQL injection vulnerabilities in IMP 2.2.8 and previous versions allow remote malicious users to perform unauthorized database activities and possibly gain privileges via certain database functions such as check_prefs() in db.pgsql, as demonstrated using mailbox.php3.

Vulnerable Product	Search on Vulmon	Subscribe to Product
horde imp 2.2
horde imp 2.2.7
horde imp 2.2.8
horde imp 2.2.1
horde imp 2.2.2
horde imp 2.2.3
horde imp 2.2.4
horde imp 2.2.5
horde imp 2.2.6

Jouko Pynnonen discovered a problem with IMP, a web based IMAP mail program Using carefully crafted URLs a remote attacker is able to inject SQL code into SQL queries without proper user authentication Even though results of SQL queries aren't directly readable from the screen, an attacker might update their mail signature to contain wanted query ...

NVD-CWE-Other http://www.debian.org/security/2003/dsa-229 http://www.securityfocus.com/archive/1/306268 http://www.securityfocus.com/bid/6559 http://www.securitytracker.com/id?1005904 http://secunia.com/advisories/8087 http://secunia.com/advisories/8177 http://marc.info/?l=bugtraq&m=104204786206563&w=2 https://nvd.nist.gov https://www.debian.org/security/./dsa-229

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2003-0025

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect