CVE-2003-0040

2004-09-0104:00:00

mitre

web.nvd.nist.gov

sql injection

postgresql

auth module

courier

remote attackers

nvd

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

7.8

Confidence

Low

EPSS

0.003

Percentile

65.7%

JSON

SQL injection vulnerability in the PostgreSQL auth module for courier 0.40 and earlier allows remote attackers to execute SQL code via the user name.

Affected configurations

Nvd

Node

double_precision_incorporatedcourier_mtaMatch0.37.3

inter7courier-imapMatch1.6

VendorProductVersionCPE
double_precision_incorporatedcourier_mta0.37.3cpe:2.3:a:double_precision_incorporated:courier_mta:0.37.3:*:*:*:*:*:*:*
inter7courier-imap1.6cpe:2.3:a:inter7:courier-imap:1.6:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
double_precision_incorporated	courier_mta	0.37.3	cpe:2.3:a:double_precision_incorporated:courier_mta:0.37.3:::::::*
inter7	courier-imap	1.6	cpe:2.3:a:inter7:courier-imap:1.6:::::::*