CVE-2004-1129

SQL injection vulnerability in (1) fdelmail.asp, (2) addressc.asp, and possibly (3) postmail.asp and (4) fmvmail.asp in CMailServer 5.2 allow remote attackers to inject arbitrary SQL commands and delete mail metadata or e-mail addresses of contacts via the indexOfMail parameter.

CVSS v2.0 10.0 HIGH

10.0^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 10.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://marc.info/?l=bugtraq&m=110137313329955&w=2
http://www.security.org.sg/vuln/cmailserver52.html
http://www.securityfocus.com/bid/11742	Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/18281
http://marc.info/?l=bugtraq&m=110137313329955&w=2
http://www.security.org.sg/vuln/cmailserver52.html
http://www.securityfocus.com/bid/11742	Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/18281

Configurations

Configuration 1 (hide)

cpe:2.3:a:youngzsoft:cmailserver:5.2.0:*:*:*:*:*:*:*

History

No history.

Information

Published : 2005-01-10 05:00

Updated : 2025-04-03 01:03

NVD link : CVE-2004-1129

Mitre link : CVE-2004-1129

CVE.ORG link : CVE-2004-1129

JSON object : View

Products Affected

youngzsoft

cmailserver

CWE

NVD-CWE-Other

{"id": "CVE-2004-1129", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 10.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": true, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2005-01-10T05:00:00.000", "references": [{"url": "http://marc.info/?l=bugtraq&m=110137313329955&w=2", "source": "cve@mitre.org"}, {"url": "http://www.security.org.sg/vuln/cmailserver52.html", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/11742", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18281", "source": "cve@mitre.org"}, {"url": "http://marc.info/?l=bugtraq&m=110137313329955&w=2", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.security.org.sg/vuln/cmailserver52.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/11742", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18281", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "SQL injection vulnerability in (1) fdelmail.asp, (2) addressc.asp, and possibly (3) postmail.asp and (4) fmvmail.asp in CMailServer 5.2 allow remote attackers to inject arbitrary SQL commands and delete mail metadata or e-mail addresses of contacts via the indexOfMail parameter."}], "lastModified": "2025-04-03T01:03:51.193", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:youngzsoft:cmailserver:5.2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "65706226-7DD3-4F68-9E17-09E086AA7CF8"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}