CVE-2008-2380

UNKNOWN

SQL injection vulnerability in authpgsqllib

Published Dec 22, 2008

Modified 1 years ago

Details

SQL injection vulnerability in authpgsqllib.c in Courier-Authlib before 0.62.0, when a non-Latin locale Postgres database is used, allows remote attackers to execute arbitrary SQL commands via query parameters containing apostrophes.

References

WEB

http://osvdb.org/50811

ADVISORY

http://secunia.com/advisories/33235

ADVISORY

http://secunia.com/advisories/34234

ADVISORY

http://security.gentoo.org/glsa/glsa-200903-25.xml

WEB

http://www.courier-mta.org/authlib/changelog.html

WEB

http://www.securityfocus.com/bid/32926

WEB

https://exchange.xforce.ibmcloud.com/vulnerabilities/47494

ADVISORY

https://www.cve.org/CVERecord?id=CVE-2008-2380

CVSS Analysis

CVSS v2.0

5.1

Exploitability

Access Vector

NetworkAV:N

Access Complexity

HighAC:H

Authentication

NoneAu:N

Impact

Confidentiality

PartialC:P

Integrity

PartialI:P

Availability

PartialA:P

5.1/AV:N/AC:H/Au:N/C:P/I:P/A:P

Ecosystems

Timeline

PublishedDec 22, 2008

ModifiedAug 7, 2024

CVE-2008-2380 | Mondoo Vulnerability Intelligence