The AliasHandler component in PostfixAdmin prior to 3.0.2 allows remote authenticated domain admins to delete protected aliases via the delete parameter to delete.php, involving a missing permission check.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
opensuse leap 42.1 |
||
opensuse leap 42.2 |
||
postfixadmin project postfixadmin |