CVE-2002-2043: SQL Injection
First published: Tue Dec 31 2002(Updated: )
SQL injection vulnerability in the LDAP and MySQL authentication patch for Cyrus SASL 1.5.24 and 1.5.27 allows remote attackers to execute arbitrary SQL commands and log in as arbitrary POP mail users via the password.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cyrus SASL | =1.5.24 | |
| Cyrus SASL | =1.5.27 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2002-2043?
CVE-2002-2043 is considered a medium to high severity vulnerability due to potential unauthorized access to user accounts.
How do I fix CVE-2002-2043?
To fix CVE-2002-2043, upgrade to a later version of Cyrus SASL that is not affected, specifically beyond 1.5.27.
What types of systems are affected by CVE-2002-2043?
CVE-2002-2043 affects systems running Cyrus SASL versions 1.5.24 and 1.5.27 with LDAP and MySQL authentication.
Can CVE-2002-2043 be exploited remotely?
Yes, CVE-2002-2043 can be exploited remotely by attackers to execute arbitrary SQL commands.
What are the potential impacts of exploiting CVE-2002-2043?
Exploitation of CVE-2002-2043 could allow attackers to gain unauthorized access to POP mail user accounts.
- agent/type
- agent/softwarecombine
- agent/first-publish-date
- agent/remedy
- agent/severity
- agent/author
- agent/weakness
- agent/references
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-historical
- vendor/cyrus
- canonical/cyrus sasl
- version/cyrus sasl/1.5.24
- version/cyrus sasl/1.5.27