Vulnerability Description
SQL injection vulnerability in the PostgreSQL auth module for courier 0.40 and earlier allows remote attackers to execute SQL code via the user name.
CVSS Score
7.5
HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Double Precision Incorporated | Courier Mta | 0.37.3 |
| Inter7 | Courier-Imap | 1.6 |
References
- http://www.debian.org/security/2003/dsa-247PatchVendor Advisory
- http://www.securityfocus.com/bid/6738PatchVendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/11213
- http://www.debian.org/security/2003/dsa-247PatchVendor Advisory
- http://www.securityfocus.com/bid/6738PatchVendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/11213
FAQ
What is CVE-2003-0040?
CVE-2003-0040 is a vulnerability with a CVSS score of 7.5 (HIGH). SQL injection vulnerability in the PostgreSQL auth module for courier 0.40 and earlier allows remote attackers to execute SQL code via the user name.
How severe is CVE-2003-0040?
CVE-2003-0040 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2003-0040?
Check the references section above for vendor advisories and patch information. Affected products include: Double Precision Incorporated Courier Mta, Inter7 Courier-Imap.