Lucene search
MitreCVE-2014-2655HistoryApr 02, 2014 - 4:06 p.m.
CVE-2014-2655
2014-04-0216:06:02
CWE-89
mitre
web.nvd.nist.gov
42
cve-2014-2655
sql injection
vulnerability
postfix admin
functions.inc.php
nvd
CVSS2
6.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
AI Score
7.8
Confidence
Low
EPSS
0.003
Percentile
65.3%
SQL injection vulnerability in the gen_show_status function in functions.inc.php in Postfix Admin (aka postfixadmin) before 2.3.7 allows remote authenticated users to execute arbitrary SQL commands via a new alias.
Affected configurations
Node
postfix_admin_projectpostfix_adminRange≤2.3.6
ORpostfix_admin_projectpostfix_adminMatch2.2.1.1
ORpostfix_admin_projectpostfix_adminMatch2.3
ORpostfix_admin_projectpostfix_adminMatch2.3.1
ORpostfix_admin_projectpostfix_adminMatch2.3.2
ORpostfix_admin_projectpostfix_adminMatch2.3.3
ORpostfix_admin_projectpostfix_adminMatch2.3.4
ORpostfix_admin_projectpostfix_adminMatch2.3.5
| Vendor | Product | Version | CPE |
|---|---|---|---|
| postfix_admin_project | postfix_admin | * | cpe:2.3:a:postfix_admin_project:postfix_admin:*:*:*:*:*:*:*:* |
| postfix_admin_project | postfix_admin | 2.2.1.1 | cpe:2.3:a:postfix_admin_project:postfix_admin:2.2.1.1:*:*:*:*:*:*:* |
| postfix_admin_project | postfix_admin | 2.3 | cpe:2.3:a:postfix_admin_project:postfix_admin:2.3:*:*:*:*:*:*:* |
| postfix_admin_project | postfix_admin | 2.3.1 | cpe:2.3:a:postfix_admin_project:postfix_admin:2.3.1:*:*:*:*:*:*:* |
| postfix_admin_project | postfix_admin | 2.3.2 | cpe:2.3:a:postfix_admin_project:postfix_admin:2.3.2:*:*:*:*:*:*:* |
| postfix_admin_project | postfix_admin | 2.3.3 | cpe:2.3:a:postfix_admin_project:postfix_admin:2.3.3:*:*:*:*:*:*:* |
| postfix_admin_project | postfix_admin | 2.3.4 | cpe:2.3:a:postfix_admin_project:postfix_admin:2.3.4:*:*:*:*:*:*:* |
| postfix_admin_project | postfix_admin | 2.3.5 | cpe:2.3:a:postfix_admin_project:postfix_admin:2.3.5:*:*:*:*:*:*:* |
Related
cvelist
cvelist
CVE-2014-2655
2014-04-02 14:00:00
nessus
nessus
Debian DSA-2889-1 : postfixadmin - security update
2014-03-31 00:00:00
openSUSE Security Update : PostfixAdmin (openSUSE-SU-2014:0715-1)
2014-06-13 00:00:00
securityvulns
securityvulns
[SECURITY] [DSA 2889-1] postfixadmin security update
2014-05-05 00:00:00
nvd
nvd
CVE-2014-2655
2014-04-02 16:06:02
openvas
openvas
Debian Security Advisory DSA 2889-1 (postfixadmin - security update)
2014-03-28 00:00:00
Debian: Security Advisory (DSA-2889-1)
2014-03-27 00:00:00
freebsd
freebsd
postfixadmin -- SQL injection vulnerability
2014-03-28 00:00:00
seebug
seebug
Postfix Admin 'functions.inc.php' SQL注入漏洞
2014-03-28 00:00:00
debiancve
debiancve
CVE-2014-2655
2014-04-02 16:06:02
osv
osv
postfixadmin - security update
2014-03-28 00:00:00
postfixadmin-3.0-1.1 on GA media
2024-06-15 00:00:00
ubuntucve
ubuntucve
CVE-2014-2655
2014-04-02 00:00:00
debian
debian
[SECURITY] [DSA 2889-1] postfixadmin security update
2014-03-28 07:04:35
prion
prion
Sql injection
2014-04-02 16:06:00
CVSS2
6.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
AI Score
7.8
Confidence
Low
EPSS
0.003
Percentile
65.3%
Related for CVE-2014-2655