GLSA-201209-18 : Postfixadmin: Multiple vulnerabilities
High Nessus Plugin ID 62360
Synopsis
The remote Gentoo host is missing one or more security-related patches.
Description
The remote host is affected by the vulnerability described in GLSA-201209-18 (Postfixadmin: Multiple vulnerabilities).
Multiple SQL injection vulnerabilities (CVE-2012-0811) and cross-site scripting vulnerabilities (CVE-2012-0812) have been found in Postfixadmin.
A remote attacker could exploit these vulnerabilities to execute arbitrary SQL statements or arbitrary HTML and script code.
There is no known workaround at this time.
Solution
All Postfixadmin users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose '>=www-apps/postfixadmin-2.3.5'