CVE-2004-0521

Current Description

SQL injection vulnerability in SquirrelMail before 1.4.3 RC1 allows remote attackers to execute unauthorized SQL statements, with unknown impact, probably via abook_database.php.

Basic Data

Published: August 18, 2004
Last Modified: October 11, 2017
Assigner: cve@mitre.org
Data Type: CVE
Data Format: MITRE
Data Version: 4.0
Problem Type: NVD-CWE-Other
CVE Data Version: 4.0

Base Metric V2

CVSS 2 - Version: 2.0
CVSS 2 - Vector String: AV:N/AC:L/Au:N/C:C/I:C/A:C
CVSS 2 - Access Vector: NETWORK
CVSS 2 - Access Complexity: LOW
CVSS 2 - Authentication: NONE
CVSS 2 - Confidentiality Impact: COMPLETE
CVSS 2 - Availability Impact: COMPLETE
CVSS 2 - Base Score: 10.0
Severity: HIGH
Exploitability Score: 10.0
Impact Score: 10.0
Obtain All Privilege: true
Obtain User Privilege: false
Obtain Other Privilege: false

Base Metric V3

No data provided.

Configurations

  • OR - Configuration 1
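    | CPE Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Start Including | Version End Including | Version Start Excluding | Version End Excluding |
    |---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
    | 2.3 | Application | Sgi | Propack | 3.0 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Squirrelmail | Squirrelmail | 1.0.4 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Squirrelmail | Squirrelmail | 1.0.5 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Squirrelmail | Squirrelmail | 1.2.0 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Squirrelmail | Squirrelmail | 1.2.1 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Squirrelmail | Squirrelmail | 1.2.2 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Squirrelmail | Squirrelmail | 1.2.3 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Squirrelmail | Squirrelmail | 1.2.4 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Squirrelmail | Squirrelmail | 1.2.5 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Squirrelmail | Squirrelmail | 1.2.6 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Squirrelmail | Squirrelmail | 1.2.7 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Squirrelmail | Squirrelmail | 1.2.8 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Squirrelmail | Squirrelmail | 1.2.9 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Squirrelmail | Squirrelmail | 1.2.10 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Squirrelmail | Squirrelmail | 1.2.11 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Squirrelmail | Squirrelmail | 1.4 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Squirrelmail | Squirrelmail | 1.4.1 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Squirrelmail | Squirrelmail | 1.4.2 | * | * | * | * | * | * | * | | | | |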

Vulnerable Software List

| Vendor | Product | Versions |
|---|---|---|
| Squirrelmail | Squirrelmail | 1.0.4, 1.0.5, 1.2.0, 1.2.1, 1.2.10, 1.2.11, 1.2.2, 1.2.3, 1.2.4, 1.2.5, 1.2.6, 1.2.7, 1.2.8, 1.2.9, 1.4, 1.4.1, 1.4.2 |
| Sgi | Propack | 3.0 |

References

| Name | Source | URL | Tags |
|---|---|---|---|
| 20040604-01-U | SGI | ftp://patches.sgi.com/support/free/security/advisories/20040604-01-U.asc | |
| CLA-2004:858 | CONECTIVA | http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000858 | |
| [squirrelmail-cvs] 20040427 [SM-CVS] CVS: squirrelmail/functions abook_database.php,1.15.2.1,1.15.2.2 | MLIST | http://marc.info/?l=squirrelmail-cvs&m=108309375029888 | |
| [squirrelmail-devel] 20040511 [SM-DEVEL] SquirrelMail 1.4.3-RC1 Release | MLIST | http://marc.info/?l=squirrelmail-cvs&m=108532891231712 | |
| RHSA-2004:240 | REDHAT | http://rhn.redhat.com/errata/RHSA-2004-240.html | |
| 11685 | SECUNIA | http://secunia.com/advisories/11685 | |
| 11686 | SECUNIA | http://secunia.com/advisories/11686 | |
| 11870 | SECUNIA | http://secunia.com/advisories/11870 | |
| 12289 | SECUNIA | http://secunia.com/advisories/12289 | |
| GLSA-200405-16 | GENTOO | http://security.gentoo.org/glsa/glsa-200405-16.xml | Vendor Advisory |
| O-212 | CIAC | http://www.ciac.org/ciac/bulletins/o-212.shtml | |
| DSA-535 | DEBIAN | http://www.debian.org/security/2004/dsa-535 | |
| 6841 | OSVDB | http://www.osvdb.org/6841 | |
| FEDORA-2004-160 | FEDORA | http://www.securityfocus.com/advisories/6827 | |
| APPLE-SA-2004-09-07 | APPLE | http://www.securityfocus.com/advisories/7148 | |
| 10397 | BID | http://www.securityfocus.com/bid/10397 | PATCH, Vendor Advisory |
| FEDORA-2004-1733 | FEDORA | https://bugzilla.fedora.us/show_bug.cgi?id=1733 | |
| squirrelmail-sql-injection(16235) | XF | https://exchange.xforce.ibmcloud.com/vulnerabilities/16235 | |
| oval:org.mitre.oval:def:1033 | OVAL | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1033 | |
| oval:org.mitre.oval:def:11446 | OVAL | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11446 | |