SQL Injection Vulnerabilities in IMP Webmail by Horde Group
CVE-2003-0025

Currently unrated

Key Information:

Vendor

Horde

Status
Vendor
CVE Published:
17 January 2003

What is CVE-2003-0025?

IMP versions 2.2.8 and earlier contain multiple SQL injection vulnerabilities that enable remote attackers to manipulate the database. These vulnerabilities can be exploited via certain functions such as check_prefs() in db.pgsql, particularly demonstrated through the mailbox.php3 script. Successful exploitation may allow attackers to execute unauthorized database operations, potentially gaining elevated privileges and compromising sensitive data.

References

EPSS Score

24% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.