CVE-2002-2043

SQL injection vulnerability in the LDAP and MySQL authentication patch for Cyrus SASL 1.5.24 and 1.5.27 allows remote attackers to execute arbitrary SQL commands and log in as arbitrary POP mail users via the password.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:cyrus:sasl:1.5.24:*:*:*:*:*:*:*
cpe:2.3:a:cyrus:sasl:1.5.27:*:*:*:*:*:*:*

History

20 Nov 2024, 23:42

Type Values Removed Values Added
References () http://archives.neohapsis.com/archives/bugtraq/2002-04/0020.html - Patch () http://archives.neohapsis.com/archives/bugtraq/2002-04/0020.html - Patch
References () http://www.iss.net/security_center/static/8748.php - Patch () http://www.iss.net/security_center/static/8748.php - Patch
References () http://www.securityfocus.com/bid/4409 - Patch () http://www.securityfocus.com/bid/4409 - Patch

Information

Published : 2002-12-31 05:00

Updated : 2024-11-20 23:42


NVD link : CVE-2002-2043

Mitre link : CVE-2002-2043

CVE.ORG link : CVE-2002-2043


JSON object : View

Products Affected

cyrus

  • sasl