CVE-2003-0025

Current Description

Multiple SQL injection vulnerabilities in IMP 2.2.8 and earlier allow remote attackers to perform unauthorized database activities and possibly gain privileges via certain database functions such as check_prefs() in db.pgsql, as demonstrated using mailbox.php3.

Basic Data

Published: January 17, 2003
Last Modified: October 18, 2016
Assigner: cve@mitre.org
Data Type: CVE
Data Format: MITRE
Data Version: 4.0
Problem Type: NVD-CWE-Other
CVE Data Version: 4.0

Base Metric V2

CVSS 2 - Version: 2.0
CVSS 2 - Vector String: AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS 2 - Access Vector: NETWORK
CVSS 2 - Access Complexity: LOW
CVSS 2 - Authentication: NONE
CVSS 2 - Confidentiality Impact: PARTIAL
CVSS 2 - Availability Impact: PARTIAL
CVSS 2 - Base Score: 7.5
Severity: HIGH
Exploitability Score: 10.0
Impact Score: 6.4
Obtain All Privilege: false
Obtain User Privilege: false
Obtain Other Privilege: true

Base Metric V3

No data provided.

Configurations

  • OR - Configuration 1
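    | Cpe Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Start Including | Version End Including | Version Start Excluding | Version End Excluding |
    |---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
    | 2.3 | Application | Horde | Imp | 2.2 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Horde | Imp | 2.2.1 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Horde | Imp | 2.2.2 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Horde | Imp | 2.2.3 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Horde | Imp | 2.2.4 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Horde | Imp | 2.2.5 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Horde | Imp | 2.2.6 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Horde | Imp | 2.2.7 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Horde | Imp | 2.2.8 | * | * | * | * | * | * | * | | | | |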

Vulnerable Software List

| Vendor | Product | Versions |
|---|---|---|
| Horde | Imp | 2.2, 2.2.1, 2.2.2, 2.2.3, 2.2.4, 2.2.5, 2.2.6, 2.2.7, 2.2.8 |

References

| Name | Source | URL | Tags |
|---|---|---|---|
| 20030108 IMP 2.x SQL injection vulnerabilities | BUGTRAQ | http://marc.info/?l=bugtraq&m=104204786206563&w=2 | |
| 8087 | SECUNIA | http://secunia.com/advisories/8087 | |
| 8177 | SECUNIA | http://secunia.com/advisories/8177 | |
| DSA-229 | DEBIAN | http://www.debian.org/security/2003/dsa-229 | PATCH, Vendor Advisory |
| 20030108 Re: IMP 2.x SQL injection vulnerabilities | BUGTRAQ | http://www.securityfocus.com/archive/1/306268 | |
| 6559 | BID | http://www.securityfocus.com/bid/6559 | |
| 1005904 | SECTRACK | http://www.securitytracker.com/id?1005904 | |