CVE-2014-2655
Published Apr 2, 2014
Last updated 10 years ago
Overview
- Description
- SQL injection vulnerability in the gen_show_status function in functions.inc.php in Postfix Admin (aka postfixadmin) before 2.3.7 allows remote authenticated users to execute arbitrary SQL commands via a new alias.
- Source
- cve@mitre.org
- NVD status
- Modified
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 6.5
- Impact score
- 6.4
- Exploitability score
- 8
- Vector string
- AV:N/AC:L/Au:S/C:P/I:P/A:P
Weaknesses
- nvd@nist.gov
- CWE-89
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:postfix_admin_project:postfix_admin:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "FDFCDDE0-2E89-437E-9A85-ED607F9E5FCE",
"versionEndIncluding": "2.3.6"
},
{
"criteria": "cpe:2.3:a:postfix_admin_project:postfix_admin:2.2.1.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "5F07C816-6216-4008-8DD7-557393CD3A0B"
},
{
"criteria": "cpe:2.3:a:postfix_admin_project:postfix_admin:2.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E0B480AC-0A9C-4C90-B242-D8493A01E816"
},
{
"criteria": "cpe:2.3:a:postfix_admin_project:postfix_admin:2.3.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D0D94119-E897-4280-857E-4F97386D1955"
},
{
"criteria": "cpe:2.3:a:postfix_admin_project:postfix_admin:2.3.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "0104EE93-5F4F-46A3-89A7-FDEC77AC0847"
},
{
"criteria": "cpe:2.3:a:postfix_admin_project:postfix_admin:2.3.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "6E8132E0-1346-4017-8890-0BBBB1F3181D"
},
{
"criteria": "cpe:2.3:a:postfix_admin_project:postfix_admin:2.3.4:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A4F912CB-86E5-479A-8366-C41052CFA0AB"
},
{
"criteria": "cpe:2.3:a:postfix_admin_project:postfix_admin:2.3.5:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "BCE42A10-5047-4B12-ADCF-F3A7E8E0A50A"
}
],
"operator": "OR"
}
]
}
]