postfixadmin SQL injection vulnerability

2014.03.26
Risk: Medium
Local: No
Remote: Yes
CWE: CWE-89


Ogólna skala CVSS: 6.5/10
Znaczenie: 6.4/10
Łatwość wykorzystania: 8/10
Wymagany dostęp: Zdalny
Złożoność ataku: Niska
Autoryzacja: Jednorazowa
Wpływ na poufność: Częściowy
Wpływ na integralność: Częściowy
Wpływ na dostępność: Częściowy

Hi, Postfixadmin has an SQL injection vulnerability. This vulnerability is only exploitable by authenticated users able to create new aliases. If the alias contains SQL code, the list-virtual.php overview triggers the vulnerability. The vulnerability was fixed upstream in this commit: http://sourceforge.net/p/postfixadmin/code/1650 Please assign a CVE name for this issue. /branches/postfixadmin-2.3/functions.inc.php Diff Switch to side-by-side view --- a/branches/postfixadmin-2.3/functions.inc.php +++ b/branches/postfixadmin-2.3/functions.inc.php @@ -9,14 +9,14 @@ * Further details on the project are available at : * http://www.postfixadmin.com or http://postfixadmin.sf.net * - * @version $Id: functions.inc.php 1638 2014-02-13 20:12:43Z christian_boltz $ + * @version $Id: functions.inc.php 1650 2014-02-19 12:27:02Z christian_boltz $ * @license GNU GPL v2 or later. * * File: functions.inc.php * Contains re-usable code. */ -$version = '2.3.6'; +$version = '2.3.7'; /** * check_session @@ -2175,6 +2175,8 @@ global $CONF, $table_alias; $stat_string = ""; + $show_alias = escape_string($show_alias); + $stat_goto = ""; $stat_result = db_query ("SELECT goto FROM $table_alias WHERE address='$show_alias'"); if ($stat_result['rows'] > 0)

Referencje:

http://sourceforge.net/p/postfixadmin/code/1650


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top