Multiple SQL injection vulnerabilities in IMP 2.2.8 and earlier allow remote attackers to perform unauthorized database activities and possibly gain privileges via certain database functions such as check_prefs() in db.pgsql, as demonstrated using mailbox.php3.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Imp | Horde | 2.2 | 2.2 |
Imp | Horde | 2.2.1 | 2.2.1 |
Imp | Horde | 2.2.2 | 2.2.2 |
Imp | Horde | 2.2.3 | 2.2.3 |
Imp | Horde | 2.2.4 | 2.2.4 |
Imp | Horde | 2.2.5 | 2.2.5 |
Imp | Horde | 2.2.6 | 2.2.6 |
Imp | Horde | 2.2.7 | 2.2.7 |
Imp | Horde | 2.2.8 | 2.2.8 |