CVE-2003-0025 — SQL Injection in IMP

2 documents2 sources

Severity

7.5HIGHNVD

EPSS

1.8%

top 17.17%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Horde IMP

Timeline

PublishedJan 17

Latest updateApr 29

Description

Multiple SQL injection vulnerabilities in IMP 2.2.8 and earlier allow remote attackers to perform unauthorized database activities and possibly gain privileges via certain database functions such as check_prefs() in db.pgsql, as demonstrated using mailbox.php3.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages1 packages

▶NVDhorde/imp9 versions+8

Patches

Patch: www.debian.org ↗Patch: www.debian.org ↗

🔴Vulnerability Details

GHSA

GHSA-gxcm-7q4w-hgwc: Multiple SQL injection vulnerabilities in IMP 2↗2022-04-29

▶