Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Multiple SQL injection vulnerabilities in IMP 2.2.8 and earlier allow remote attackers to perform unauthorized database activities and possibly gain privileges via certain database functions such as check_prefs() in db.pgsql, as demonstrated using mailbox.php3.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Horde IMP数据库文件SQL注入漏洞
Vulnerability Description
IMP是一款基于Web的强大的邮件程序,它由Horde项目组开发。可使用在Linux/Unix或者Microsoft Windows操作系统下。 Horde IMP没有充分过滤用户提交传递给SQL查询的输入,远程攻击者可以利用这个漏洞进行SQL注入攻击,可能破坏数据库或获得数据库信息等其他恶意活动。 漏洞存在于数据库文件lib/db.<databasename>中的部分数据库函数,如db.pgsql中的check_prefs: $sql="select username from $default->db
CVSS Information
N/A
Vulnerability Type
N/A