CVE-2003-1523

Опубликовано: 31 дек. 2003

Источник: nvd

CVSS2: 7.5

EPSS Низкий

Описание

SQL injection vulnerability in the IMAP daemon in dbmail 1.1 allows remote attackers to execute arbitrary SQL commands via the (1) login username, (2) mailbox name, and possibly other attack vectors.

Ссылки

http://mailman.fastxs.net/pipermail/dbmail/2003-July/003252.html
http://secunia.com/advisories/10001
Vendor Advisory
http://www.securityfocus.com/bid/8829
Patch
https://exchange.xforce.ibmcloud.com/vulnerabilities/13416
http://mailman.fastxs.net/pipermail/dbmail/2003-July/003252.html
http://secunia.com/advisories/10001
Vendor Advisory
http://www.securityfocus.com/bid/8829
Patch
https://exchange.xforce.ibmcloud.com/vulnerabilities/13416

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:dbmail:dbmail:1.0:*:*:*:*:*:*:*

cpe:2.3:a:dbmail:dbmail:1.1:*:*:*:*:*:*:*

EPSS

Процентиль: 60%

0.00397

Низкий

7.5 High

CVSS2

Дефекты

CWE-89

Связанные уязвимости

GHSA-5gcj-j7v3-fr39

github

почти 4 года назад