Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2003-0025

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2003-0025
Last Modified 10 Sep 2008 08:05:24
Published 17 Jan 2003 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2003-0025

Summary

Multiple SQL injection vulnerabilities in IMP 2.2.8 and earlier allow remote attackers to perform unauthorized database activities and possibly gain privileges via certain database functions such as check_prefs() in db.pgsql, as demonstrated using mailbox.php3.

Vulnerable Systems

Application

  • Horde Imp 2.2

  • Horde Imp 2.2.1

  • Horde Imp 2.2.2

  • Horde Imp 2.2.3

  • Horde Imp 2.2.4

  • Horde Imp 2.2.5

  • Horde Imp 2.2.6

  • Horde Imp 2.2.7

  • Horde Imp 2.2.8


References

DEBIAN - DSA-229

BUGTRAQ - 20030108 IMP 2.x SQL injection vulnerabilities

SECTRACK - 1005904

BID - 6559

BUGTRAQ - 20030108 Re: IMP 2.x SQL injection vulnerabilities

SECUNIA - 8177

SECUNIA - 8087


Last Updated: 27 May 2016 10:37:45