SQL Injection Vulnerability in Postfix Admin by Postfix
CVE-2014-2655

Currently unrated

Key Information:

Vendor: Postfix Admin Project
Status: Postfix Admin
Vendor: CVE Published:; 2 April 2014

🔔 Create Postfix Admin Project Vulnerability Alert

What is CVE-2014-2655?

A vulnerability exists in the gen_show_status function of Postfix Admin (postfixadmin) versions before 2.3.7, which allows remote authenticated users to exploit the system by executing arbitrary SQL commands through the creation of a new alias. This flaw can lead to unauthorized access to the underlying database and potential exposure of sensitive information.

References

http://sourceforge.net/p/postfixadmin/code/1650

x_refsource_CONFIRM

http://www.debian.org/security/2014/dsa-2889

vendor-advisoryx_refsource_DEBIAN

http://lists.opensuse.org/opensuse-updates/2014-05/msg000...

vendor-advisoryx_refsource_SUSE

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 2, 2014
Vulnerability Reserved
Mar 26, 2014

CVE-2014-2655 Data

JSON