
Horde IMP mailbox.php3 Multiple Variable SQL Injection

Article ID: 11488
Last updated: 27 Jan, 2009
Views: 825
Posted: 22 Jan, 2009
by: Tech Pubs S.
Updated: 27 Jan, 2009
by: Tech Pubs S.

This script is Copyright (C) 2003-2009 Tenable Network Security, Inc.

Family: CGI abuses
Plugin ID: 11488
Bugtraq ID: 6559
CVE ID: CVE-2003-0025

Description:

The remote server is running IMP.

There is a bug in this release which allows an attacker to perform
an SQL injection attack by requesting:
/imp/mailbox.php3?actionID=6&server=x&imapuser=x&pass=x

An attacker may use this flaw to gain unauthorized access to a user's
mailbox or to take control of the remote database.

Solution: Upgrade to the latest version
Risk factor: High