SQL Injection Vulnerabilities in Postfix Admin by Postfix
CVE-2012-0811
Currently unrated
What is CVE-2012-0811?
Multiple SQL injection vulnerabilities have been identified in Postfix Admin versions prior to 2.3.5 that could allow remote authenticated users to execute arbitrary SQL commands. One vector is the 'pw' parameter to the 'pacrypt' function when 'mysql_encrypt' is active; other, unspecified vectors can be exploited through backup files generated by 'backup.php'. Successful exploitation can lead to unauthorized database manipulation and compromise the integrity of the system.
