PRIOn knowledge basePRION:CVE-2006-2824Design/Logic Flaw
6.6 Medium
AI Score
Confidence
Low
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.007 Low
EPSS
Percentile
80.5%
Logicalware MailManager before 2.0.10 does not remove 0xc8 0x27 (0xc8 followed by a single-quote character) from the data stream to the server, which allows remote attackers to modify data and gain administrative access when PostgreSQL is used, aka “bug #1494281 - Postgres encoding security hole.” NOTE: while this issue involves PostgreSQL, it is specific to MailManager’s interface to PostgreSQL and is therefore a different vulnerability than CVE-2006-2313 and CVE-2006-2314.
| CPE | Name | Operator | Version |
|---|---|---|---|
| mailmanager | eq | 2.0 | |
| mailmanager | eq | 2.0.8 | |
| mailmanager | eq | 2.0.0-r7 | |
| mailmanager | eq | 2.0.1 | |
| mailmanager | eq | 2.0.7 | |
| mailmanager | eq | 2.0.2 | |
| mailmanager | eq | 2.0.1-rc2 | |
| mailmanager | eq | 2.0.6 | |
| mailmanager | eq | 2.0.9 | |
| mailmanager | eq | 2.0.5 |
Related
6.6 Medium
AI Score
Confidence
Low
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.007 Low
EPSS
Percentile
80.5%