SQL Injection Vulnerabilities in IMP Webmail by Horde Group
CVE-2003-0025
Currently unrated
What is CVE-2003-0025?
IMP versions 2.2.8 and earlier contain multiple SQL injection vulnerabilities that enable remote attackers to manipulate the database. These vulnerabilities can be exploited via certain functions such as check_prefs() in db.pgsql, particularly demonstrated through the mailbox.php3 script. Successful exploitation may allow attackers to execute unauthorized database operations, potentially gaining elevated privileges and compromising sensitive data.
