Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
SQL injection vulnerability in the LDAP and MySQL authentication patch for Cyrus SASL 1.5.24 and 1.5.27 allows remote attackers to execute arbitrary SQL commands and log in as arbitrary POP mail users via the password.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Cyrus SASL LDAP+MySQL验证补丁SQL命令执行漏洞
Vulnerability Description
Cyrus SASL LDAP+MySQL是一款免费开放源代码增强补丁,设计用于Unix和Linux操作系统平台下。 Cyrus SASL LDAP+MySQL补丁由于设计错误,可以导致远程用户无需密码就可以绕过验证访问其他用户邮箱。 由于对用户提交的输入没有充分的检查,远程用户可以通过构建特殊的SQL命令提交给密码验证处理过程,由于对提交的SQL命令输入判断错误,可导致攻击者不需要密码就可以访问其他用户帐户信息。
CVSS Information
N/A
Vulnerability Type
N/A