Vulnerability Details : CVE-2012-0811
Multiple SQL injection vulnerabilities in Postfix Admin (aka postfixadmin) before 2.3.5 allow remote authenticated users to execute arbitrary SQL commands via (1) the pw parameter to the pacrypt function, when mysql_encrypt is configured, or (2) unspecified vectors that are used in backup files generated by backup.php.
Vulnerability category: Sql Injection
Threat overview for CVE-2012-0811
Top countries where our scanners detected CVE-2012-0811
Top open port discovered on systems with this issue
26
IPs affected by CVE-2012-0811 1
Find out if you* are
affected by CVE-2012-0811!
*Directly or indirectly through your vendors, service providers and 3rd parties.
Powered by
attack surface intelligence
from SecurityScorecard.
Exploit prediction scoring system (EPSS) score for CVE-2012-0811
Probability of exploitation activity in the next 30 days: 0.42%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 71 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2012-0811
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
|---|---|---|---|---|---|
|
6.5
|
MEDIUM | AV:N/AC:L/Au:S/C:P/I:P/A:P |
8.0
|
6.4
|
NIST |
CWE ids for CVE-2012-0811
-
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.Assigned by: nvd@nist.gov (Primary)
References for CVE-2012-0811
-
http://www.codseq.it/advisories/multiple_vulnerabilities_in_postfixadmin
CODSEQ : advisoriesExploit
-
http://www.openwall.com/lists/oss-security/2012/01/27/5
oss-security - Re: CVE request: PostfixAdmin SQL injections and XSS
-
https://svn.code.sf.net/p/postfixadmin/code/branches/postfixadmin-2.3/CHANGELOG.TXT
-
http://www.securityfocus.com/bid/51680
Postfix Admin Multiple SQL Injection and Cross Site Scripting Vulnerabilities
-
http://www.openwall.com/lists/oss-security/2012/01/26/5
oss-security - CVE request: PostfixAdmin SQL injections and XSS
Products affected by CVE-2012-0811
- cpe:2.3:a:postfix:postfix:*:*:*:*:*:*:*:*
- cpe:2.3:a:postfix:postfix:2.3.2:*:*:*:*:*:*:*
- cpe:2.3:a:postfix:postfix:2.3.3:*:*:*:*:*:*:*
- cpe:2.3:a:postfix:postfix:2.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:postfix:postfix:2.3:*:*:*:*:*:*:*
- cpe:2.3:a:postfix:postfix:2.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:postfix:postfix:2.0.6:*:*:*:*:*:*:*
- cpe:2.3:a:postfix:postfix:2.0.7:*:*:*:*:*:*:*
- cpe:2.3:a:postfix:postfix:2.0.14:*:*:*:*:*:*:*
- cpe:2.3:a:postfix:postfix:2.0.15:*:*:*:*:*:*:*
- cpe:2.3:a:postfix:postfix:2.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:postfix:postfix:2.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:postfix:postfix:2.2.3:*:*:*:*:*:*:*
- cpe:2.3:a:postfix:postfix:2.2.4:*:*:*:*:*:*:*
- cpe:2.3:a:postfix:postfix:2.2.5:*:*:*:*:*:*:*
- cpe:2.3:a:postfix:postfix:2.2.12:*:*:*:*:*:*:*
- cpe:2.3:a:postfix:postfix:2.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:postfix:postfix:2.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:postfix:postfix:2.0.12:*:*:*:*:*:*:*
- cpe:2.3:a:postfix:postfix:2.0.13:*:*:*:*:*:*:*
- cpe:2.3:a:postfix:postfix:2.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:postfix:postfix:2.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:postfix:postfix:2.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:postfix:postfix:2.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:postfix:postfix:2.2.10:*:*:*:*:*:*:*
- cpe:2.3:a:postfix:postfix:2.2.11:*:*:*:*:*:*:*
- cpe:2.3:a:postfix:postfix:2.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:postfix:postfix:2.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:postfix:postfix:2.0.10:*:*:*:*:*:*:*
- cpe:2.3:a:postfix:postfix:2.0.11:*:*:*:*:*:*:*
- cpe:2.3:a:postfix:postfix:2.0.18:*:*:*:*:*:*:*
- cpe:2.3:a:postfix:postfix:2.0.19:*:*:*:*:*:*:*
- cpe:2.3:a:postfix:postfix:2.1.6:*:*:*:*:*:*:*
- cpe:2.3:a:postfix:postfix:2.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:postfix:postfix:2.2.8:*:*:*:*:*:*:*
- cpe:2.3:a:postfix:postfix:2.2.9:*:*:*:*:*:*:*
- cpe:2.3:a:postfix:postfix:2.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:postfix:postfix:2.0.8:*:*:*:*:*:*:*
- cpe:2.3:a:postfix:postfix:2.0.9:*:*:*:*:*:*:*
- cpe:2.3:a:postfix:postfix:2.0.16:*:*:*:*:*:*:*
- cpe:2.3:a:postfix:postfix:2.0.17:*:*:*:*:*:*:*
- cpe:2.3:a:postfix:postfix:2.1.4:*:*:*:*:*:*:*
- cpe:2.3:a:postfix:postfix:2.1.5:*:*:*:*:*:*:*
- cpe:2.3:a:postfix:postfix:2.2.6:*:*:*:*:*:*:*
- cpe:2.3:a:postfix:postfix:2.2.7:*:*:*:*:*:*:*