CVE-2012-0811: SQL Injection

First published: Wed Oct 01 2014(Updated: )

Multiple SQL injection vulnerabilities in Postfix Admin (aka postfixadmin) before 2.3.5 allow remote authenticated users to execute arbitrary SQL commands via (1) the pw parameter to the pacrypt function, when mysql_encrypt is configured, or (2) unspecified vectors that are used in backup files generated by backup.php.

Credit: secalert@redhat.com

Affected Software	Affected Version	How to fix
Postfix Postfix	<=2.3.4
Postfix Postfix	=2.0.0
Postfix Postfix	=2.0.1
Postfix Postfix	=2.0.2
Postfix Postfix	=2.0.3
Postfix Postfix	=2.0.4
Postfix Postfix	=2.0.5
Postfix Postfix	=2.0.6
Postfix Postfix	=2.0.7
Postfix Postfix	=2.0.8
Postfix Postfix	=2.0.9
Postfix Postfix	=2.0.10
Postfix Postfix	=2.0.11
Postfix Postfix	=2.0.12
Postfix Postfix	=2.0.13
Postfix Postfix	=2.0.14
Postfix Postfix	=2.0.15
Postfix Postfix	=2.0.16
Postfix Postfix	=2.0.17
Postfix Postfix	=2.0.18
Postfix Postfix	=2.0.19
Postfix Postfix	=2.1.0
Postfix Postfix	=2.1.1
Postfix Postfix	=2.1.2
Postfix Postfix	=2.1.3
Postfix Postfix	=2.1.4
Postfix Postfix	=2.1.5
Postfix Postfix	=2.1.6
Postfix Postfix	=2.2.0
Postfix Postfix	=2.2.1
Postfix Postfix	=2.2.2
Postfix Postfix	=2.2.3
Postfix Postfix	=2.2.4
Postfix Postfix	=2.2.5
Postfix Postfix	=2.2.6
Postfix Postfix	=2.2.7
Postfix Postfix	=2.2.8
Postfix Postfix	=2.2.9
Postfix Postfix	=2.2.10
Postfix Postfix	=2.2.11
Postfix Postfix	=2.2.12
Postfix Postfix	=2.3
Postfix Postfix	=2.3.1
Postfix Postfix	=2.3.2
Postfix Postfix	=2.3.3

Never miss a vulnerability like this again

Reference Links

collector/nvd-index
agent/weakness
agent/references
agent/severity
agent/author
agent/type
agent/event
agent/description
agent/tags
agent/last-modified-date
agent/softwarecombine
agent/first-publish-date
collector/mitre-cve
source/MITRE
vendor/postfix
canonical/postfix postfix
version/postfix postfix/2.3.4
version/postfix postfix/2.0.0
version/postfix postfix/2.0.1
version/postfix postfix/2.0.2
version/postfix postfix/2.0.3
version/postfix postfix/2.0.4
version/postfix postfix/2.0.5
version/postfix postfix/2.0.6
version/postfix postfix/2.0.7
version/postfix postfix/2.0.8
version/postfix postfix/2.0.9
version/postfix postfix/2.0.10
version/postfix postfix/2.0.11
version/postfix postfix/2.0.12
version/postfix postfix/2.0.13
version/postfix postfix/2.0.14
version/postfix postfix/2.0.15
version/postfix postfix/2.0.16
version/postfix postfix/2.0.17
version/postfix postfix/2.0.18
version/postfix postfix/2.0.19
version/postfix postfix/2.1.0
version/postfix postfix/2.1.1
version/postfix postfix/2.1.2
version/postfix postfix/2.1.3
version/postfix postfix/2.1.4
version/postfix postfix/2.1.5
version/postfix postfix/2.1.6
version/postfix postfix/2.2.0
version/postfix postfix/2.2.1
version/postfix postfix/2.2.2
version/postfix postfix/2.2.3
version/postfix postfix/2.2.4
version/postfix postfix/2.2.5
version/postfix postfix/2.2.6
version/postfix postfix/2.2.7
version/postfix postfix/2.2.8
version/postfix postfix/2.2.9
version/postfix postfix/2.2.10
version/postfix postfix/2.2.11
version/postfix postfix/2.2.12
version/postfix postfix/2.3
version/postfix postfix/2.3.1
version/postfix postfix/2.3.2
version/postfix postfix/2.3.3

CVE-2012-0811: SQL Injection

Never miss a vulnerability like this again

Reference Links

Company

Resources

Contact