CVE-2004-1113 - SQL injection vulnerability in SQLgrey Postfix greylisting service before 1.2.0 allows remote attack

CVE-2004-1113

Summary

SQL injection vulnerability in SQLgrey Postfix greylisting service before 1.2.0 allows remote attackers to execute arbitrary SQL commands via the (1) sender or (2) recipient e-mail addresses.

References

Vulnerable Configurations

cpe:2.3:a:sqlgrey:sqlgrey_postfix_greylisting_service:1.1.1:*:*:*:*:*:*:*
cpe:2.3:a:sqlgrey:sqlgrey_postfix_greylisting_service:1.1.1:*:*:*:*:*:*:*
cpe:2.3:a:sqlgrey:sqlgrey_postfix_greylisting_service:1.1.3:*:*:*:*:*:*:*
cpe:2.3:a:sqlgrey:sqlgrey_postfix_greylisting_service:1.1.3:*:*:*:*:*:*:*

CVSS

Base:	10.0 (as of 11-07-2017 - 01:30)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
COMPLETE	COMPLETE	COMPLETE

cvss-vector via4

AV:N/AC:L/Au:N/C:C/I:C/A:C

refmap via4

bid	11633
confirm	http://sourceforge.net/project/shownotes.php?release_id=281256
secunia	13135
trustix	2004-0058
xf	sqlgrey-postfix-sql-injection(17998)

Last major update

11-07-2017 - 01:30

Published

10-01-2005 - 05:00

Last modified

11-07-2017 - 01:30