oss-sec mailing list archives
CVE request: postfixadmin SQL injection vulnerability
From: Thijs Kinkhorst <thijs () debian org>
Date: Wed, 26 Mar 2014 14:19:52 +0100
Hi, Postfixadmin has an SQL injection vulnerability. This vulnerability is only exploitable by authenticated users able to create new aliases. If the alias contains SQL code, the list-virtual.php overview triggers the vulnerability. The vulnerability was fixed upstream in this commit: http://sourceforge.net/p/postfixadmin/code/1650 Please assign a CVE name for this issue. Thanks, Thijs Kinkhorst Debian Security Team
Attachment:
signature.asc
Description: This is a digitally signed message part.
Current thread:
- CVE request: postfixadmin SQL injection vulnerability Thijs Kinkhorst (Mar 26)
- Re: CVE request: postfixadmin SQL injection vulnerability cve-assign (Mar 26)