CVE-2014-2655

Published Apr 2, 2014

Last updated 3 months ago

CVSS info 6.5

Overview

Description: SQL injection vulnerability in the gen_show_status function in functions.inc.php in Postfix Admin (aka postfixadmin) before 2.3.7 allows remote authenticated users to execute arbitrary SQL commands via a new alias.
Source: cve@mitre.org
NVD status: Modified

Risk scores

CVSS 2.0

Type: Primary
Base score: 6.5
Impact score: 6.4
Exploitability score: 8
Vector string: AV:N/AC:L/Au:S/C:P/I:P/A:P

Weaknesses

nvd@nist.gov: CWE-89

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:postfix_admin_project:postfix_admin:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FDFCDDE0-2E89-437E-9A85-ED607F9E5FCE",
            "versionEndIncluding": "2.3.6"
          },
          {
            "criteria": "cpe:2.3:a:postfix_admin_project:postfix_admin:2.2.1.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5F07C816-6216-4008-8DD7-557393CD3A0B"
          },
          {
            "criteria": "cpe:2.3:a:postfix_admin_project:postfix_admin:2.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E0B480AC-0A9C-4C90-B242-D8493A01E816"
          },
          {
            "criteria": "cpe:2.3:a:postfix_admin_project:postfix_admin:2.3.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D0D94119-E897-4280-857E-4F97386D1955"
          },
          {
            "criteria": "cpe:2.3:a:postfix_admin_project:postfix_admin:2.3.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0104EE93-5F4F-46A3-89A7-FDEC77AC0847"
          },
          {
            "criteria": "cpe:2.3:a:postfix_admin_project:postfix_admin:2.3.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6E8132E0-1346-4017-8890-0BBBB1F3181D"
          },
          {
            "criteria": "cpe:2.3:a:postfix_admin_project:postfix_admin:2.3.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A4F912CB-86E5-479A-8366-C41052CFA0AB"
          },
          {
            "criteria": "cpe:2.3:a:postfix_admin_project:postfix_admin:2.3.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BCE42A10-5047-4B12-ADCF-F3A7E8E0A50A"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References