FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

postfixadmin -- SQL injection vulnerability

Affected packages
postfixadmin < 2.3.7

Details

VuXML ID ff98087f-0a8f-11e4-b00b-5453ed2e2b49
Discovery 2014-03-28
Entry 2014-07-13

Thijs Kinkhorst reports:

Postfixadmin has an SQL injection vulnerability. This vulnerability is only exploitable by authenticated users able to create new aliases.

References

Bugtraq ID 66455
CVE Name CVE-2014-2655
FreeBSD PR 189248
Message http://www.openwall.com/lists/oss-security/2014/03/26/6
URL https://www.debian.org/security/2014/dsa-2889