Description
Exim 4.98 before 4.98.1, when SQLite hints and ETRN serialization are used, allows remote SQL injection.
Report
The following conditions have to be met for being vulnerable:
- Exim Version 4.98
- Build time option USE_SQLITE is set (it enables the use of SQLite for the hints databases) -- check the output of exim -bV, whether it contains
- Runtime config enables ETRN (acl_smtp_etrn returns accept (defaults to deny))
- Runtime config enforces ETRN serialization (smtp_etrn_serialize is set to true (defaults to true))
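A triage helper that applies the four conditions above to captured command output; it is an added example, not part of the advisory or of Exim. Assumptions: the "Hints DB ... sqlite" pattern for the exim -bV line (the page elides the exact string), the exim -bP output layout, and the sample text, which is constructed. It only checks that an ETRN ACL is configured, not that the ACL actually returns accept.

```shell
#!/bin/sh
# Added triage helper. It works on captured text so it can run offline:
#   $1 = output of `exim -bV`
#   $2 = output of `exim -bP acl_smtp_etrn smtp_etrn_serialize`
# Prints a verdict; returns 0 only when every listed condition is met.
etrn_sqli_exposed() {
  # Condition 1: version is exactly 4.98 (4.98.1 is the fixed release).
  if ! printf '%s\n' "$1" | grep -Eq '^Exim version 4\.98([^.0-9]|$)'; then
    echo "not affected: version is not 4.98"; return 1
  fi
  # Condition 2: SQLite hints DB (USE_SQLITE). ASSUMPTION: -bV reports it on
  # a "Hints DB" line that mentions sqlite; adjust the pattern to your build.
  if ! printf '%s\n' "$1" | grep -Eiq '^Hints DB:.*sqlite'; then
    echo "not affected: hints DB is not SQLite"; return 1
  fi
  # Condition 3: an ETRN ACL is configured. Unset means the default, deny.
  # A configured ACL may still deny, so review it by hand.
  if ! printf '%s\n' "$2" | grep -Eq '^acl_smtp_etrn *= *[^[:space:]]'; then
    echo "not affected: acl_smtp_etrn unset, ETRN is denied"; return 1
  fi
  # Condition 4: serialization on. ASSUMPTION: -bP prints a true boolean as
  # its bare name and a false one with a "no_" prefix.
  if ! printf '%s\n' "$2" | grep -Eq '^smtp_etrn_serialize$'; then
    echo "not affected: smtp_etrn_serialize is off"; return 1
  fi
  echo "exposed: all four conditions met, upgrade to 4.98.1 or later"
}

# Constructed sample output (not captured from a real host).
SAMPLE_BV='Exim version 4.98 #2 built 01-Jan-2025 00:00:00
Hints DB: Using sqlite3'
SAMPLE_BP='acl_smtp_etrn = acl_check_etrn
smtp_etrn_serialize'
FIXED_BV='Exim version 4.98.1 #2 built 01-Mar-2025 00:00:00
Hints DB: Using sqlite3'
DEFAULT_BP='acl_smtp_etrn = 
smtp_etrn_serialize'

etrn_sqli_exposed "$SAMPLE_BV" "$SAMPLE_BP"
```

On a live host, pass "$(exim -bV 2>&1)" and "$(exim -bP acl_smtp_etrn smtp_etrn_serialize)" as the two arguments.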
Additional information
Status:
7.5 High
CVSS3
Related vulnerabilities
Exim 4.98 before 4.98.1, when SQLite hints and ETRN serialization are used, allows remote SQL injection. (Resolving SQL injection requires an update to 4.99.1 in certain non-default rate-limit configurations.)
Exim 4.98 before 4.98.1, when SQLite hints and ETRN serialization are ...
Exim 4.98 before 4.98.1, when SQLite hints and ETRN serialization are used, allows remote SQL injection.
Vulnerability in the SQLite hints and ETRN serialization functions of the Exim mail server that allows an attacker to cause a denial of service
7.5 High
CVSS3