HIGH🇬🇧 English

CVE-2003-0025

CVSS 7.5v2.0pub. 2003-01-17upd. 2026-04-16

Multiple SQL injection vulnerabilities in IMP 2.2.8 and earlier allow remote attackers to perform unauthorized database activities and possibly gain privileges via certain database functions such as check_prefs() in db.pgsql, as demonstrated using mailbox.php3.

oryginał EN
CVSS Vector
AV:N/AC:L/Au:N/C:P/I:P/A:P
  • Horde Imp

    APP
    Horde
    2.22.2.12.2.22.2.32.2.42.2.52.2.62.2.72.2.8
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
SQLi
CWE
Referencje

Powiązane podatności

CVE-2002-0181HIGH7.5ten sam produkt

Cross-site scripting vulnerability in status.php3 for IMP 2.2.8 and HORDE 1.2.7 allows remote attackers to exe...

CVE-2001-1257HIGH7.5ten sam produkt

Cross-site scripting vulnerability in Horde Internet Messaging Program (IMP) before 2.2.6 and 1.2.6 allows rem...

CVE-2012-5565MEDIUM4.3ten sam produkt

Cross-site scripting (XSS) vulnerability in js/compose-dimp.js in Horde Internet Mail Program (IMP) before 5.0...

CVE-2012-6640MEDIUM4.3ten sam produkt

Cross-site scripting (XSS) vulnerability in Horde Internet Mail Program (IMP) before 5.0.22, as used in Horde ...

CVE-2012-0791MEDIUM4.3ten sam produkt

Multiple cross-site scripting (XSS) vulnerabilities in Horde IMP before 5.0.18 and Horde Groupware Webmail Edi...