CVE-2004-0521
Published: 2004-08-18
Priority P335 | critical | 10 (CVSS 2.0)
AV:N / AC:L / Au:N / C:C / I:C / A:C
EPSS: 3.15% (86.3th percentile)
SQL injection vulnerability in SquirrelMail before 1.4.3 RC1 allows remote attackers to execute unauthorized SQL statements, with unknown impact, probably via abook_database.php.
Affected
18 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| sgi | propack | — | — |
| squirrelmail | squirrelmail | — | — |
| squirrelmail | squirrelmail | — | — |
| squirrelmail | squirrelmail | — | — |
| squirrelmail | squirrelmail | — | — |
| squirrelmail | squirrelmail | — | — |
| squirrelmail | squirrelmail | — | — |
| squirrelmail | squirrelmail | — | — |
| squirrelmail | squirrelmail | — | — |
| squirrelmail | squirrelmail | — | — |
| squirrelmail | squirrelmail | — | — |
| squirrelmail | squirrelmail | — | — |
| squirrelmail | squirrelmail | — | — |
| squirrelmail | squirrelmail | — | — |
| squirrelmail | squirrelmail | — | — |
| squirrelmail | squirrelmail | — | — |
| squirrelmail | squirrelmail | — | — |
| squirrelmail | squirrelmail | — | — |
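CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 10.0 | CRITICAL | AV:N/AC:L/Au:N/C:C/I:C/A:C |
| vendor_redhat | — | 10.0 | CRITICAL | — |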
Red Hat
security flaw
vendor_redhat·2004-04-27·CVSS 10.0
CVE-2004-0521 [CRITICAL] security flaw
GHSA
GHSA-fq7g-8p9p-2pcj: SQL injection vulnerability in SquirrelMail before 1
ghsa_unreviewed·2022-05-03
CVE-2004-0521 [HIGH] GHSA-fq7g-8p9p-2pcj: SQL injection vulnerability in SquirrelMail before 1
No detection rules found.
No public exploits indexed.
References
ftp://patches.sgi.com/support/free/security/advisories/20040604-01-U.asc
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000858
http://marc.info/?l=squirrelmail-cvs&m=108309375029888
http://marc.info/?l=squirrelmail-cvs&m=108532891231712
http://rhn.redhat.com/errata/RHSA-2004-240.html
http://secunia.com/advisories/11685
http://secunia.com/advisories/11686
http://secunia.com/advisories/11870
http://secunia.com/advisories/12289
http://security.gentoo.org/glsa/glsa-200405-16.xml
http://www.ciac.org/ciac/bulletins/o-212.shtml
http://www.debian.org/security/2004/dsa-535
http://www.osvdb.org/6841
http://www.securityfocus.com/advisories/6827
http://www.securityfocus.com/advisories/7148
http://www.securityfocus.com/bid/10397
https://bugzilla.fedora.us/show_bug.cgi?id=1733
https://exchange.xforce.ibmcloud.com/vulnerabilities/16235
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1033
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11446