SQL Injection Vulnerability in Mailutils SQL Authentication Module by Gnu
CVE-2005-1824

Currently unrated

Key Information:

Vendor: Gnu
Status: Mailutils
Vendor: CVE Published:; 2 June 2005

What is CVE-2005-1824?

The sql_escape_string function in the Mailutils SQL authentication module fails to adequately escape backslash characters in SQL queries. This flaw can be exploited to perform SQL injection attacks, allowing malicious users to manipulate SQL queries and potentially gain unauthorized access to sensitive data or control over the database.

References

http://www.gentoo.org/security/en/glsa/glsa-200506-02.xml

vendor-advisoryx_refsource_GENTOO

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=308031

x_refsource_CONFIRM

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 2, 2005
Vulnerability Reserved
Jun 2, 2005