CVE-2014-2655
Published: 2 April 2014
SQL injection vulnerability in the gen_show_status function in functions.inc.php in Postfix Admin (aka postfixadmin) before 2.3.7 allows remote authenticated users to execute arbitrary SQL commands via a new alias.
Priority
Status
Package | Release | Status |
---|---|---|
postfixadmin Launchpad, Ubuntu, Debian |
lucid |
Does not exist
|
precise |
Does not exist
|
|
quantal |
Released
(2.3.5-2+deb7u1build0.12.10.1)
|
|
saucy |
Released
(2.3.5-2+deb7u1build0.13.10.1)
|
|
upstream |
Needs triage
|