Debian Postfixadmin vulnerabilities

4 known vulnerabilities affecting debian/postfixadmin.

Total CVEs: 4
CISA KEV: 0
Public exploits: 1
Exploited in wild: 0
Severity breakdown: MEDIUM 3, LOW 1

Vulnerabilities

CVE-2017-5930 [LOW] CVSS 2.7, PoC, fixed in postfixadmin 3.0.2-1 (bookworm), 2017
The AliasHandler component in PostfixAdmin before 3.0.2 allows remote authenticated domain admins to delete protected aliases via the delete parameter to delete.php, involving a missing permission check.
Scope: local
bookworm: resolved (fixed in 3.0.2-1)
forky: resolved (fixed in 3.0.2-1)
sid: resolved (fixed in 3.0.2-1)
trixie: resolved (fixed in 3.0.2-1)
debian
CVE-2014-2655 [MEDIUM] CVSS 6.5, fixed in postfixadmin 2.3.5-3 (bookworm), 2014
SQL injection vulnerability in the gen_show_status function in functions.inc.php in Postfix Admin (aka postfixadmin) before 2.3.7 allows remote authenticated users to execute arbitrary SQL commands via a new alias.
Scope: local
bookworm: resolved (fixed in 2.3.5-3)
forky: resolved (fixed in 2.3.5-3)
sid: resolved (fixed in 2.3.5-3)
trixie: resolved (fixed in 2.
debian
CVE-2012-0811 [MEDIUM] CVSS 6.5, fixed in postfixadmin 2.3.5-1 (bookworm), 2012
Multiple SQL injection vulnerabilities in Postfix Admin (aka postfixadmin) before 2.3.5 allow remote authenticated users to execute arbitrary SQL commands via (1) the pw parameter to the pacrypt function, when mysql_encrypt is configured, or (2) unspecified vectors that are used in backup files generated by backup.php.
Scope: local
bookworm: resolved (fixed in
debian
CVE-2012-0812 [MEDIUM] CVSS 6.1, fixed in postfixadmin 2.3.5-1 (bookworm), 2012
PostfixAdmin 2.3.4 has multiple XSS vulnerabilities
Scope: local
bookworm: resolved (fixed in 2.3.5-1)
forky: resolved (fixed in 2.3.5-1)
sid: resolved (fixed in 2.3.5-1)
trixie: resolved (fixed in 2.3.5-1)
debian