CVE-2012-0811
Summary
| CVE | CVE-2012-0811 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2014-10-01 14:55:00 UTC |
| Updated | 2014-10-02 16:39:00 UTC |
| Description | Multiple SQL injection vulnerabilities in Postfix Admin (aka postfixadmin) before 2.3.5 allow remote authenticated users to execute arbitrary SQL commands via (1) the pw parameter to the pacrypt function, when mysql_encrypt is configured, or (2) unspecified vectors that are used in backup files generated by backup.php. |
Risk And Classification
Problem Types: CWE-89
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Postfix | Postfix | 2.0.0 | All | All | All |
| Application | Postfix | Postfix | 2.0.1 | All | All | All |
| Application | Postfix | Postfix | 2.0.10 | All | All | All |
| Application | Postfix | Postfix | 2.0.11 | All | All | All |
| Application | Postfix | Postfix | 2.0.12 | All | All | All |
| Application | Postfix | Postfix | 2.0.13 | All | All | All |
| Application | Postfix | Postfix | 2.0.14 | All | All | All |
| Application | Postfix | Postfix | 2.0.15 | All | All | All |
| Application | Postfix | Postfix | 2.0.16 | All | All | All |
| Application | Postfix | Postfix | 2.0.17 | All | All | All |
| Application | Postfix | Postfix | 2.0.18 | All | All | All |
| Application | Postfix | Postfix | 2.0.19 | All | All | All |
| Application | Postfix | Postfix | 2.0.2 | All | All | All |
| Application | Postfix | Postfix | 2.0.3 | All | All | All |
| Application | Postfix | Postfix | 2.0.4 | All | All | All |
| Application | Postfix | Postfix | 2.0.5 | All | All | All |
| Application | Postfix | Postfix | 2.0.6 | All | All | All |
| Application | Postfix | Postfix | 2.0.7 | All | All | All |
| Application | Postfix | Postfix | 2.0.8 | All | All | All |
| Application | Postfix | Postfix | 2.0.9 | All | All | All |
| Application | Postfix | Postfix | 2.1.0 | All | All | All |
| Application | Postfix | Postfix | 2.1.1 | All | All | All |
| Application | Postfix | Postfix | 2.1.2 | All | All | All |
| Application | Postfix | Postfix | 2.1.3 | All | All | All |
| Application | Postfix | Postfix | 2.1.4 | All | All | All |
| Application | Postfix | Postfix | 2.1.5 | All | All | All |
| Application | Postfix | Postfix | 2.1.6 | All | All | All |
| Application | Postfix | Postfix | 2.2.0 | All | All | All |
| Application | Postfix | Postfix | 2.2.1 | All | All | All |
| Application | Postfix | Postfix | 2.2.10 | All | All | All |
| Application | Postfix | Postfix | 2.2.11 | All | All | All |
| Application | Postfix | Postfix | 2.2.12 | All | All | All |
| Application | Postfix | Postfix | 2.2.2 | All | All | All |
| Application | Postfix | Postfix | 2.2.3 | All | All | All |
| Application | Postfix | Postfix | 2.2.4 | All | All | All |
| Application | Postfix | Postfix | 2.2.5 | All | All | All |
| Application | Postfix | Postfix | 2.2.6 | All | All | All |
| Application | Postfix | Postfix | 2.2.7 | All | All | All |
| Application | Postfix | Postfix | 2.2.8 | All | All | All |
| Application | Postfix | Postfix | 2.2.9 | All | All | All |
| Application | Postfix | Postfix | 2.3 | All | All | All |
| Application | Postfix | Postfix | 2.3.1 | All | All | All |
| Application | Postfix | Postfix | 2.3.2 | All | All | All |
| Application | Postfix | Postfix | 2.3.3 | All | All | All |
| Application | Postfix | Postfix | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Postfix Admin Multiple SQL Injection and Cross Site Scripting Vulnerabilities | BID | www.securityfocus.com | |
| CODSEQ : advisories | MISC | www.codseq.it | Exploit |
| svn.code.sf.net/p/postfixadmin/code/branches/postfixadmin-2.3/CHANGELOG.TXT | CONFIRM | svn.code.sf.net | |
| oss-security - CVE request: PostfixAdmin SQL injections and XSS | MLIST | www.openwall.com | |
| oss-security - Re: CVE request: PostfixAdmin SQL injections and XSS | MLIST | www.openwall.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.