A vulnerability, which was classified as critical, has been found in web-cyradm. Affected by this issue is some unknown functionality of the file auth.inc.php. The manipulation of the argument login/login_password/LANG leads to sql injection. The attack may be launched remotely. The name of the patch is 2bcbead3bdb5f118bf2c38c541eaa73c29dcc90f. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-217640.
References
Link | Resource |
---|---|
https://vuldb.com/?ctiid.217640 | Third Party Advisory |
https://vuldb.com/?id.217640 | Third Party Advisory |
https://github.com/web-cyradm/web-cyradm/commit/2bcbead3bdb5f118bf2c38c541eaa73c29dcc90f | Patch Third Party Advisory |
Configurations
Information
Published : 2023-01-08 02:15
Updated : 2023-01-12 09:26
NVD link : CVE-2007-10002
Mitre link : CVE-2007-10002
JSON object : View
CWE
CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Products Affected
web-cyradm_project
- web-cyradm