CVE-2004-1129

CVSS v2.0 10.0 HIGH

10.0^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 10.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

S

QL injection vulnerability in (1) fdelmail.asp, (2) addressc.asp, and possibly (3) postmail.asp and (4) fmvmail.asp in CMailServer 5.2 allow remote attackers to inject arbitrary SQL commands and delete mail metadata or e-mail addresses of contacts via the indexOfMail parameter.

References

Link	Resource
http://marc.info/?l=bugtraq&m=110137313329955&w=2
http://www.security.org.sg/vuln/cmailserver52.html
http://www.securityfocus.com/bid/11742	Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/18281
http://marc.info/?l=bugtraq&m=110137313329955&w=2
http://www.security.org.sg/vuln/cmailserver52.html
http://www.securityfocus.com/bid/11742	Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/18281

Configurations

Configuration 1 (hide)

cpe:2.3:a:youngzsoft:cmailserver:5.2.0:*:*:*:*:*:*:*

History

20 Nov 2024, 23:50

Type	Values Removed	Values Added
References	~~() http://marc.info/?l=bugtraq&m=110137313329955&w=2 -~~	() http://marc.info/?l=bugtraq&m=110137313329955&w=2 -
References	~~() http://www.security.org.sg/vuln/cmailserver52.html -~~	() http://www.security.org.sg/vuln/cmailserver52.html -
References	~~() http://www.securityfocus.com/bid/11742 - Vendor Advisory~~	() http://www.securityfocus.com/bid/11742 - Vendor Advisory
References	~~() https://exchange.xforce.ibmcloud.com/vulnerabilities/18281 -~~	() https://exchange.xforce.ibmcloud.com/vulnerabilities/18281 -

Information

Published : 2005-01-10 05:00

Updated : 2025-04-03 01:03

NVD link : CVE-2004-1129

Mitre link : CVE-2004-1129

CVE.ORG link : CVE-2004-1129

JSON object : View

Products Affected

cmailserver

CWE

NVD-CWE-Other

{"id": "CVE-2004-1129", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "[email protected]", "cvssData": {"version": "2.0", "baseScore": 10.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": true, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2005-01-10T05:00:00.000", "references": [{"url": "http://marc.info/?l=bugtraq&m=110137313329955&w=2", "source": "[email protected]"}, {"url": "http://www.security.org.sg/vuln/cmailserver52.html", "source": "[email protected]"}, {"url": "http://www.securityfocus.com/bid/11742", "tags": ["Vendor Advisory"], "source": "[email protected]"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18281", "source": "[email protected]"}, {"url": "http://marc.info/?l=bugtraq&m=110137313329955&w=2", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.security.org.sg/vuln/cmailserver52.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/11742", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18281", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "SQL injection vulnerability in (1) fdelmail.asp, (2) addressc.asp, and possibly (3) postmail.asp and (4) fmvmail.asp in CMailServer 5.2 allow remote attackers to inject arbitrary SQL commands and delete mail metadata or e-mail addresses of contacts via the indexOfMail parameter."}], "lastModified": "2025-04-03T01:03:51.193", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:youngzsoft:cmailserver:5.2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "65706226-7DD3-4F68-9E17-09E086AA7CF8"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}