Remote authenticated domain admins can delete protected aliases in PostfixAdmin before 3.0.2 via missing permission check in AliasHandler component
CVE-2017-5930 · LOW Severity
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N
The AliasHandler component in PostfixAdmin before 3.0.2 allows remote authenticated domain admins to delete protected aliases via the delete parameter to delete.php, involving a missing permission check.
Learn more about our Web Application Penetration Testing UK.