Vulnerability Description
SQL injection vulnerability in (1) fdelmail.asp, (2) addressc.asp, and possibly (3) postmail.asp and (4) fmvmail.asp in CMailServer 5.2 allow remote attackers to inject arbitrary SQL commands and delete mail metadata or e-mail addresses of contacts via the indexOfMail parameter.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Youngzsoft | Cmailserver | 5.2.0 |
References
- http://marc.info/?l=bugtraq&m=110137313329955&w=2
- http://www.security.org.sg/vuln/cmailserver52.html
- http://www.securityfocus.com/bid/11742Vendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/18281
- http://marc.info/?l=bugtraq&m=110137313329955&w=2
- http://www.security.org.sg/vuln/cmailserver52.html
- http://www.securityfocus.com/bid/11742Vendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/18281
FAQ
What is CVE-2004-1129?
CVE-2004-1129 is a vulnerability with a CVSS score of 10.0 (HIGH). SQL injection vulnerability in (1) fdelmail.asp, (2) addressc.asp, and possibly (3) postmail.asp and (4) fmvmail.asp in CMailServer 5.2 allow remote attackers to inject arbitrary SQL commands and dele...
How severe is CVE-2004-1129?
CVE-2004-1129 has been rated HIGH with a CVSS base score of 10.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2004-1129?
Check the references section above for vendor advisories and patch information. Affected products include: Youngzsoft Cmailserver.