CyberSec.Space Logo
Back to CVE Browser

CVE-2004-1129

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.0910%
EPSS Percentile7.75th
PublishedJan 10, 2005
Last ModifiedApr 16, 2026

Vulnerability Description

SQL injection vulnerability in (1) fdelmail.asp, (2) addressc.asp, and possibly (3) postmail.asp and (4) fmvmail.asp in CMailServer 5.2 allow remote attackers to inject arbitrary SQL commands and delete mail metadata or e-mail addresses of contacts via the indexOfMail parameter.

Affected Platforms (CPE)

πŸ“¦
Youngzsoft

Cmailserver

= 5.2.0

References & Advisories

πŸ”— http://marc.info/?l=bugtraq&m=110137313329955&w=2
πŸ”— http://www.security.org.sg/vuln/cmailserver52.html
πŸ”— http://www.securityfocus.com/bid/11742
πŸ”— https://exchange.xforce.ibmcloud.com/vulnerabilities/18281
πŸ”— http://marc.info/?l=bugtraq&m=110137313329955&w=2
πŸ”— http://www.security.org.sg/vuln/cmailserver52.html
πŸ”— http://www.securityfocus.com/bid/11742
πŸ”— https://exchange.xforce.ibmcloud.com/vulnerabilities/18281

Related Vulnerabilities

CVE-2003-028010.0

Multiple buffer overflows in the SMTP Service for ESMTP CMailServer 4.0.2003.03.27 allow remote attackers to execute arbitrary cod...

CVE-2004-112810.0

Buffer overflow in CMailCOM.dll in CMailServer 5.2 allows remote attackers to execute arbitrary code via an attachment with a long...

CVE-2008-69229.3

Multiple stack-based buffer overflows in CMailCOM.dll in CMailServer 5.4.6 allow remote attackers to execute arbitrary code via a ...

CVE-2002-07997.5

Buffer overflow in YoungZSoft CMailServer 3.30 allows remote attackers to execute arbitrary code via a long USER argument.