iXmail index.php password Parameter SQL Injection

high Nessus Plugin ID 11782

Synopsis

The remote web server is vulnerable to a SQL injection attack.

Description

The remote host is running the iXmail webmail interface.

A SQL injection flaw in the code of index.php in this interface allows an attacker to log in as any user.

An attacker may use this flaw to gain unauthorized access to this host, or to gain control of the remote database.

Solution

Upgrade to iXMail 0.4.

Plugin Details

Severity: High

ID: 11782

File Name: ixmail_sql_injection.nasl

Version: 1.22

Type: remote

Family: CGI abuses

Published: 6/27/2003

Updated: 1/19/2021

Supported Sensors: Nessus

Risk Information

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

Required KB Items: www/PHP

Excluded KB Items: Settings/disable_cgi_scanning

Exploit Available: true

Exploit Ease: No exploit is required

Reference Information

BID: 8047