Back to search
CVE-2012-0811
Published: Oct 1, 2014
Modified: Aug 6, 2024
PUBLISHED
Description
Multiple SQL injection vulnerabilities in Postfix Admin (aka postfixadmin) before 2.3.5 allow remote authenticated users to execute arbitrary SQL commands via (1) the pw parameter to the pacrypt function, when mysql_encrypt is configured, or (2) unspecified vectors that are used in backup files generated by backup.php.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
51680
vdb-entry
x_refsource_BID
[oss-security] 20120126 CVE request: PostfixAdmin SQL injections and XSS
mailing-list
x_refsource_MLIST
[oss-security] 20120127 Re: CVE request: PostfixAdmin SQL injections and XSS
mailing-list
x_refsource_MLIST
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now