Remote system compromise in IMP

2003-02-18T17:26:49
ID SUSE-SA:2003:0008
Type suse
Reporter Suse
Modified 2003-02-18T17:26:49

Description

IMP is a well-known PHP-based web-mail system. Some SQL injection vulnerabilities were found in IMP 2.x that allow an attacker to access the underlying database. No authentication is needed to exploit these vulnerabilities. An attacker can gain access to protected information or, in conjunction with PostgreSQL, execute shell commands remotely.