Courier-IMAP Username SQL Injection Vulnerability

A SQL injection vulnerability exists in Courier-IMAP when it runs in conjunction with a PostgreSQL database. The issue occurs because usernames supplied during authentication are insufficiently sanitized before being included in a SQL query.

Exploiting this issue makes it possible to modify the logic of SQL queries. It may also allow exploitation of latent vulnerabilities in the underlying database implementation.
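
The class of flaw described above, shown as an added example that is not Courier-IMAP's code: a username lookup built by string concatenation beside the same lookup with the username bound as a parameter. Python's built-in sqlite3 stands in for PostgreSQL so the block runs offline; the table, columns, function names, sample rows and the username allowlist are all assumptions made for illustration.

```python
import re
import sqlite3

# Hypothetical allowlist for mailbox login names (an assumed policy, not Courier's).
USERNAME_RE = re.compile(r"[A-Za-z0-9._@+-]{1,64}")


def make_db():
    """Build an in-memory account table with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE passwd (id TEXT PRIMARY KEY, home TEXT)")
    db.executemany("INSERT INTO passwd VALUES (?, ?)",
                   [("alice", "/mail/alice"), ("bob", "/mail/bob")])
    return db


def lookup_concatenated(db, username):
    """Weak form: the username becomes part of the SQL text itself."""
    query = "SELECT id, home FROM passwd WHERE id = '" + username + "'"
    return db.execute(query).fetchall()


def lookup_parameterized(db, username):
    """Hardened form: the username is bound as a value and never parsed as SQL."""
    return db.execute("SELECT id, home FROM passwd WHERE id = ?",
                      (username,)).fetchall()


def username_is_wellformed(username):
    """Defence in depth: reject names outside the allowlist before any query."""
    return USERNAME_RE.fullmatch(username) is not None


# Constructed input: a quote ends the string literal and the rest is read as SQL.
CRAFTED = "nobody' OR 'a'='a"

if __name__ == "__main__":
    db = make_db()
    print("concatenated :", lookup_concatenated(db, CRAFTED))   # WHERE clause altered
    print("parameterized:", lookup_parameterized(db, CRAFTED))  # treated as a literal name
    print("well-formed  :", username_is_wellformed(CRAFTED))
```

With PostgreSQL the same binding is done through the driver's parameter mechanism (for example `PQexecParams` in libpq) rather than by escaping the username by hand.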


 

Copyright 2010, SecurityFocus