FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2012-0811

This CVE name corresponds to:

Entered Topic
2012-01-27 postfixadmin -- Multiple Vulnerabilities

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type Candidate
Name CVE-2012-0811
Phase Assigned (20120119)

Description

Multiple SQL injection vulnerabilities in Postfix Admin (aka postfixadmin) before 2.3.5 allow remote authenticated users to execute arbitrary SQL commands via (1) the pw parameter to the pacrypt function, when mysql_encrypt is configured, or (2) unspecified vectors that are used in backup files generated by backup.php.

References

Source Reference
MLIST [oss-security] 20120126 CVE request: PostfixAdmin SQL injections and XSS
MLIST [oss-security] 20120127 Re: CVE request: PostfixAdmin SQL injections and XSS
MISC http://www.codseq.it/advisories/multiple_vulnerabilities_in_postfixadmin
CONFIRM https://svn.code.sf.net/p/postfixadmin/code/branches/postfixadmin-2.3/CHANGELOG.TXT
BID 51680