Horde IMP Database Files SQL Injection Vulnerabilities

Horde IMP Database Files SQL Injection Vulnerabilities

It has been reported that Imp is prone to multiple SQL injection vulnerabilities.

IMP, in some cases, does not sufficiently sanitize user-supplied input which is passed to SQL queries. As a result, it is possible to manipulate SQL queries. This may allow a remote attacker to modify query logic or potentially corrupt the database. Consequences will vary depending on the queries used and the capabilities of the underlying database implementation.

These issues occur throughout the database command files for different database implementations, for example 'lib/db.pgsql'.

SQL injection attacks may also potentially be used to exploit latent vulnerabilities in the underlying database implementation.