Candidate: CVE-2014-2655
PublicDate: 2014-04-02 16:06:00 UTC
References: 
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2655
Description:
 SQL injection vulnerability in the gen_show_status function in
 functions.inc.php in Postfix Admin (aka postfixadmin) before 2.3.7 allows
 remote authenticated users to execute arbitrary SQL commands via a new
 alias.
Ubuntu-Description: 
Notes: 
Bugs: 
Priority: medium
Discovered-by:
Assigned-to: 
CVSS: 

Patches_postfixadmin:
upstream_postfixadmin: needs-triage
lucid_postfixadmin: DNE
precise_postfixadmin: DNE
quantal_postfixadmin: released (2.3.5-2+deb7u1build0.12.10.1)
saucy_postfixadmin: released (2.3.5-2+deb7u1build0.13.10.1)
devel_postfixadmin: not-affected (2.3.5-3)