CVE-2007-10002 HIGH

CVE-2007-10002: web-cyradm auth.inc.php sql injection

Vendor N/A
Product web-cyradm
Weakness CWE-89 · SQLi
Published January 8, 2023
Last update April 9, 2025

CVSS base score

7.3/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

What the vulnerability does

01Description

A vulnerability, which was classified as critical, has been found in web-cyradm. Affected by this issue is some unknown functionality of the file auth.inc.php. The manipulation of the argument login/login_password/LANG leads to sql injection. The attack may be launched remotely. The name of the patch is 2bcbead3bdb5f118bf2c38c541eaa73c29dcc90f. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-217640.

Key dates

02Disclosure timeline

January 8, 2023 CVE published
April 9, 2025 Record updated